With 2026 around the corner, I’m able to share predictions from Lee Sult, Chief Investigator at Binalyze, who has shared his thoughts on the cybersecurity trends that he thinks will dominate next year.
Security budgets will finally rebalance as leaders accept that attacks are inevitable
“For years, cybersecurity budgets have been heavily skewed towards prevention, with organizations spending on average twice as much on keeping threats out as they do on investigation and response. But recent attacks, like those on Jaguar Land Rover and M&S, have shown the real cost of delayed response and recovery – adding to an estimated $48.1bn in losses for US organizations alone.
“In 2026, we’ll see a major rebalancing in cyber budgeting. With 84% of enterprises saying successful cyberattacks are “inevitable”, they will shift to a 50/50 split in their security spend, opting for more investigation, response and recovery capabilities. When visibility is lost, insight is incomplete and recovery stalls – bringing operations to a grinding halt. The financial and reputational impact of these failings can become more of a disaster than the actual attack.”
Response time will become the defining measure of cyber resilience
“As cyber threats evolve and intensify, especially with the help of AI, organizations, regulators and stakeholders have accepted a hard truth: attacks aren’t just a possibility anymore, they are inevitable. Even organizations with the deepest pockets for cybersecurity find themselves breached. That’s because even the most rigorous controls can’t completely ensure you can keep attackers out. Prevention alone simply isn’t working.
“It’s time we reset the definition of security. Success isn’t “never getting breached” anymore – that ship sailed a long time ago. The real question is: how fast can you detect it, stop the bleeding, and get back on your feet? And can you prove what happened with enough clarity to make regulators and insurers nod instead of dig? Every hour of delay costs $100,000 or more in operational costs – and that’s before legal actions, headlines, or board meetings.
“This is the new standard: resilience over prevention. That’s what your investors care about, what regulators are starting to measure and where security teams are placing their bets.”
Organizations will stop waiting for regulations to drive better behaviour
“In 2026, CISOs will stop waiting for regulation and instead take the lead on security. Regulations move too slowly to keep pace with today’s threat landscape. This year alone we’ve seen CIRCIA delayed and CISA expire, delaying best practice in sharing intelligence.
“By the time rules are updated to meet the status quo, attackers have already forged a new weapon. Recent breaches have shown that following rules and regulations can’t protect organizations from attacks. The ability to investigate incidents, understand what happened and share intelligence is what truly strengthens defense.
“Many organizations will come to the conclusion that compliance is only a starting point and is not going to save them during a major incident. Recognising resilience against attacks depends on internal maturity rather than external rules, they will build their own operational capability for investigation and response.”
2026 Predictions From Binalyze
Posted in Commentary with tags Binalyze on December 6, 2025 by itnerd