CISOs face AI, deep-fakes & regulatory minefield in 2026
Chief Information Security Officers are expected to face a challenging environment in 2026 as advances in artificial intelligence, geopolitical instability, and regulatory developments reshape the cybersecurity landscape. According to Dr. Carl Windsor, Chief Information Security Officer at Fortinet, the evolving threat matrix places significant demands on security leaders and the organisations they protect.
AI risks escalate
Artificial intelligence is now at the centre of business transformation across industries. Businesses are deploying AI to drive efficiency, automate processes and deliver tailored customer experiences. However, this adoption brings new risks, including opaque decision-making ("black box" issues), privacy concerns due to large-scale data use, and unique security vulnerabilities such as adversarial data attacks and prompt injection in large language models.
The broad use of agentic AI, which allows autonomous interaction between machine agents, has increased concerns around identity management. Weak machine identity could result in cascading vulnerabilities and inadvertent data exposure. Breaches are already being reported and are expected to surge in both frequency and impact as more sensitive data is made available to AI systems.
Deep-fake challenges
The quality of AI-generated synthetic media, such as audio, images and video, is improving and poses new risks. These technologies enable more convincing disinformation campaigns and enhance fraud techniques like business email compromise (BEC) and phishing. Organisations have witnessed a notable increase in targeted, credible email scams, and deep-fake audio is already used in extortion attempts. The financial and reputational impact is projected to rise sharply.
Geopolitical threats
Geopolitics continues to influence cyber risk. Nation-state activity has risen, targeting critical infrastructure and data with both physical and cyber operations. Incidents involving attacks on undersea cables, cryptocurrency exchanges, and banking systems underscore how conflicts in one region now trigger widespread impacts for global organisations. State-sponsored actors are expected to maintain a heightened level of offensive cyber behaviour throughout 2026.
Space vulnerabilities
Global reliance on satellite communications and navigation systems such as GPS has created new attack surfaces. Jamming and spoofing technologies in conflict zones threaten navigation reliability, which is critical to sectors like aviation, shipping, and logistics. Research has also shown that some commercial satellite communications can be intercepted using low-cost equipment, highlighting an urgent need to improve encryption and safeguard airborne and remote communications.
Skills shortage persists
The persistent cybersecurity skills gap hinders organisations' ability to respond to evolving threats. A shortage of trained personnel and lack of security awareness remain leading causes of breaches. The preference for certification among employers is growing. The emergence of digital-native generations will require employers and educators to adapt their recruitment and training strategies, especially as AI begins to automate more entry-level roles.
Regulatory pressures mount
Regulatory frameworks such as the EU's Cyber Resilience Act, DORA and NIS2 have introduced stricter requirements for security standards, accountability, and breach reporting. Compliance costs are rising, and country-by-country regulatory fragmentation is increasing operational complexity. Businesses failing to meet requirements could face significant penalties, up to 10 per cent of global revenues in certain jurisdictions, with the first fines anticipated soon.
Quantum threats loom
Quantum computing is not yet an immediate threat, but it prompts concern about long-term data security. Attackers may already be harvesting encrypted data, betting on future quantum capabilities to decrypt it. Organisations are advised to factor quantum readiness into procurement and security planning to mitigate future risks to sensitive historical data.
Business resilience spotlight
The CISO's role is shifting from pure security to overall business resilience. Planning for operational continuity in the event of a major incident is now a key focus. This includes understanding the minimum viable capability needed to keep the business running and conducting regular exercises to test plans.
"The role of the CISO has never been broader or more vital. Success in 2026 will belong to those who can combine technical depth with strategic vision, turning security from a reactive function into a force for resilience, trust, and growth," said Dr. Windsor, Chief Information Security Officer, Fortinet.