Attacks get personal in 2026: Key Cybersecurity Trends for CXOs

Attacks get personal in 2026: Key Cybersecurity Trends for CXOs

Attacks get personal in 2026: Key Cybersecurity Trends for CXOs

We adopt new digital tools at a rapid pace to increase efficiency and productivity. However, as businesses adapt, so do threat actors. With every new tool and the rise of AI comes the potential for new vulnerabilities. Attack methods are often simple, relying on known vulnerabilities rather than sophisticated tools, the operational impact is significant. Today, cyber-attacks are personal, putting everyone from the intern to the CEO at risk.

Google Cloud-owned cybersecurity firm, Mandiant’s M-Trends Report for 2025, can help CXOs stay ahead of these threats. The key finding is that identity is the new target for attackers and the adoption of new tools is making security breaches easier than ever.

Challenges facing CXOs

  • Identity Theft: With a renewed focus on targeting personal credentials, attackers can use a single entry point to gain broad access to private data. The way businesses operate today presents a number of challenges for CXOs who are constantly working to identify vulnerabilities and keep up to date with new attack methods.
  • The Speed of Ransomware vs. Dwell Time: Once login credentials for one tool are obtained, it becomes easier for attackers to find credentials for critical platforms. An old email address logged in on a smartphone that isn’t linked to multi-factor authentication, or a hacked Facebook account an employee never recovered could be all a hacker needs to gain entry into a device. The M-Trends Report reveals that the median dwell time ( the time an attacker is undetected in a system) is 11 days. Ransomware attacks often execute within 2 to 3 days, outpacing the average detection time. Speed of detection is now more critical than ever.
  • The Operational Technology (OT) Blind Spot: A critical blind spot remains in Operational Technology (OT) and manufacturing environments. Many organizations hesitate to monitor these environments due to concerns about voiding vendor warranties or disrupting production, assuming they are "closed loops". In reality, these systems are often connected and vulnerable, requiring the same rigorous monitoring as IT environments.
  • Staff Onboarding and Remote Risks: CXOs in South Africa also note that onboarding new staff members presents a challenge, as employees enter with varying degrees of cybersecurity awareness. Handing over email logins and platform credentials for use on personal phones is a standard practice in remote work, yet this opens avenues for breaches if devices are not secured with multi-factor authentication (MFA).

The Role of AI in 2025

AI has permeated every industry and CEOs are ready to invest further as we enter the era of autonomous AI agents. However, AI has also made simple phishing attacks more sophisticated. Emails now appear professional and AI generated images look perfect, making it difficult for staff to distinguish between real and fake communications. Consequently, Business Email Compromise (BEC) incidents account for 21% of all attacks, outpacing ransomware by 16% according to the M-Trends Report.

BEC tactics include:

  • Phishing
  • Password spraying
  • Inbox rule manipulation
  • MFA tampering
  • Email thread hijacking

Solutions organisations can apply

If cyber-attacks are more personal than ever, our defence should be more personal too. Organisations should consider key proactive tactics as part of their priority planning for 2026.

  1. Adopt "Just-In-Time" Access: Move away from permanent standing privileges. Implement "Just-In-Time" access protocols where staff are granted access only for the specific timeframe required to complete a task. This limits exposure if credentials are compromised outside of working hours.
  2. Assume Breach and Test Internally: Many organisations also engage in red team exercises to test defences with realistic attack tactics including phishing simulations and social engineering. It should be assumed that the breach is coming from inside the company rather than only testing against external threats.
  3. Protect Your Brand Reputation: Defense goes beyond the firewall. Effective security now includes monitoring for brand impersonation, such as fake executive profiles on social media or fraudulent competitions using your company logo.
  4. Strengthen HR and IR Collaboration: CXOs need to work more closely with HR to ensure staff cyber-security training is compulsory and continuous. New staff onboarding should include basic training before credentials are handed over. Gamify the process to keep engagement high and ensure training is refreshed often to match the speed of AI generated threats.
  5. Optimise Detection and Response
    1. Deploy advanced threat detection: Regularly scan for vulnerabilities and prioritise patching based on risk.
    2. Strengthen CSPM controls: Test Cloud Security Posture Management (CSPM) across all environments.
    3. Invest in BEC defense: Utilise tools like DMARC, DKIM and SPF monitoring to authenticate your email communications.

A shift in the organisational mindset is required. Investing in solutions to prevent cyber-attacks is essential and as the budget for digital transformation grows, so should the budget to protect against digital risks.