Our expert says AI-powered social engineering and AI-enabled malware, an increase in ransomware attacks, web-based attacks, and insider threats will be the main business cybersecurity concerns in 2026
In 2025, the corporate world witnessed a significant rise in artificial intelligence adoption, leading to a boom in AI-powered browsers, co-pilots, and personal assistants. However, Andrius Buinovskis, cybersecurity expert at NordLayer, a toggle-ready network security platform for business, emphasizes that cybercriminals were quick to adopt AI as well, automating and scaling their attacks, and this trend is projected to continue into the next year.
Buinovskis explains that in 2026, businesses can expect to see even more AI-powered cyber threats, alongside other risks that have persisted and will continue to challenge business cybersecurity in the new year. He outlines four main cybersecurity threats businesses should be on the lookout for in 2026.
1. AI-powered social engineering and AI-enabled malware
According to a report by the World Economic Forum, phishing and social engineering attacks increased by 42% in 2024. According to Buinovskis, the uptick that AI might have caused is likely to worsen.
“Social engineering is the basis for many attacks, and with AI, it’s bound to get more advanced,” Buinovskis says. “It will become increasingly more difficult to understand if an attack is being carried out using a sophisticated method or a simple approach. Essentially, the line between basic and advanced social engineering is blurring, making both its detection and resistance significantly more difficult.”
He outlines automated deepfake social engineering as a primary growing concern. Utilizing it, cybercriminals will be able to carry out even more believable attacks, tricking even the most well-prepared employees.
“The use of deepfakes is becoming increasingly more common and diverse, with some instances of students even using deepfakes for exams,” says Buinovskis. “Bad actors could definitely utilize highly believable videos and voice calls to impersonate CEOs, third-party contractors, or other employees to trick staff members into divulging sensitive information, accepting fake invoices, or handing over credentials to infiltrate the network and deploy a larger-scale attack.”
Buinovskis highlights AI-enabled malware as another rising threat to cybersecurity. Recently, Google identified the first instance of Just-in-Time (JIT) AI malware, a new type of malware that utilizes artificial intelligence to dynamically generate malicious code at runtime, making it highly adaptable and challenging to detect.
“JIT can generate malicious code dynamically, flying under the radar of traditional antivirus software that relies on static analysis,” says Buinovskis. “Its ability to analyze the target’s system in real time and dynamically generate malicious code tailored to specific vulnerabilities, configurations, or data enables it to deploy highly targeted attacks.”
2. An increase in ransomware
According to research by NordStellar, a threat exposure management platform, as of September 2025, the number of ransomware incidents has increased by 47% compared to the same period last year. Buinovskis says that the trend will most likely continue into the following year, especially with the introduction of AI-powered ransomware.
“Like other cybercriminals, ransomware groups are adopting AI and using it to scale their operations by automating the attacks,” Buinovskis says. “We’ve already seen how the rise of the ransomware-as-a-service model lowered the entry barrier for these attacks, allowing even hackers without the proper technical skillset to participate. With AI, ransomware groups will be able to cut down on the required human resources needed to carry out their operations, enabling them to execute attacks more quickly and efficiently.”
He emphasizes that if ransomware groups successfully implement AI and increase their efficiency, they will be able to reap the same profits with fewer human resources, resulting in a greater financial gain. This, Buinovskis notes, could be the catalyst for an even greater ransomware surge in the longer run.
3. Web-based attacks
Malicious browser extensions were a prominent cybersecurity topic in 2025, raising concerns over browser protection. However, they’re not the only browser-related threat to look out for — according to Buinovskis, the browser has become a substantial attack surface and the primary target for many dangerous attacks.
“As companies continue to adopt web-based software as a service and abandon the desktop for the web, the cyber risks that are waiting for employees in the browser are becoming increasingly more prominent and common,” says Buinovskis. “Malicious extensions, various phishing pages, and infostealer malware are some of the main threats lurking in the browser, which is becoming the default channel for work-related tasks in many organizations.”
Buinovskis emphasizes that despite many organizations shifting to a browser-based working environment, it’s still often left unprotected. As a result, more employees and organizations will be exposed to malware, browser-based exploits, and data loss caused by employees unintentionally leaking information from web-based software-as-a-service platforms.
4. Insider threats
A study found that 83% of organizations reported having experienced at least one insider attack in 2024. Moreover, they were identified as the cause for the costliest data breaches in 2024 in an annual report by IBM, with an average cost of $4.99 million per incident.
Buinovskis explains that insider threats are complex, and as companies’ attack surfaces constantly expand due to remote or hybrid work models and the introduction of shadow IT and shadow AI, the threat will continue to escalate.
“With so many factors contributing to the complexity of the current cyber environment, it’s becoming increasingly more difficult to ensure high observability into what users are doing and prevent them from bypassing security policies,” says Buinovskis. “As a result, insider activity can go undetected for a significant amount of time, allowing for more devastating cyber incidents. The current cybersecurity landscape, as well as the constant evolution and sophistication of threats, will ultimately lead to more cybersecurity incidents caused by user error, turning more employees into unintentional insiders.”
Buinovskis emphasizes that to safeguard against the cyber threats looming in 2026, businesses should prioritize building a comprehensive cybersecurity strategy and raising employees’ cybersecurity awareness. He highlights that small businesses — often operating with limited IT budgets and facing more security vulnerabilities — should reassess their cybersecurity policies because they are frequently the primary targets of cybercriminal activity.
ABOUT NORDLAYER
NordLayer offers reliable connection, protection, threat detection, and response for businesses needing strong network security. Built on NordVPN standards, NordLayer is a trusted cybersecurity platform that integrates easily with any network and technology stack, all with unmatched support. NordLayer is part of the cybersecurity powerhouse Nord Security. For more information: https://nordlayer.com/
