Category: Report

As we move into 2026, Milestone’s acting Chief Technology Officer Andrew Burnett predicts the technology trends that will define the year While several technology trends were once mostly confined to research labs and conference keynotes, they are now stepping into the daily reality of the security industry. What is new today is not the idea of AI itself, but the emergence of Agentic AI – intelligent systems capable of taking autonomous actions across operational workflows. Rather than asking what they might one day do, we are now seeing what they actually do in the field. In 2026, three technologies will particularly drive this transformation – Agentic AI, Digital Twins and Wearables with Augmented Reality (AR). Each represents an evolution not just in capability, but a step toward fully intelligent, interconnected and immersive security ecosystems. Agentic AI – From Hype-Cycle to Operational Workflows Agentic AI, first notable for its capabilities in areas like code generation, is now expanding beyond coding to orchestrate operational workflows across security systems. The shift for 2026 is from capability demonstrations to task-focused agents embedded in operational flows. Rather than one-off proof of concept we are seeing agents that orchestrate across systems – they ingest video, correlate access logs, detect deviations and then trigger follow-up actions – all without a human translating between disparate interfaces. Practical examples include autonomous investigation agents that not only take an alarm, gather the last 30 minutes of multimodal evidence (video, access, sensor telemetry) but also propose and initiate immediate mitigation action for an operator to approve. The value is twofold – speed (reducing mean time to insight) and bandwidth (freeing operators to focus on decisions, not data-gathering). This momentum is mirrored in global investment patterns. According to recent industry projections, Agentic AI is set to dominate IT budget expansion over the next five years, representing more than 26% of worldwide IT spending and surpassing US$1.3 trillion by 2029. This reflects a decisive shift: organisations are no longer experimenting with AI for select projects – they are operationalising it at scale. Organisations should stop asking ‘what might agentic AI do’ and start identifying the repeatable security workflows they want automated; for example: incident triage, patrol optimisation, evidence packaging; then measure agent performance against those KPIs. The winners in 2026 will be platforms that expose safe, auditable agent APIs and vendors who integrate them into end-to-end operational playbooks. Digital Twins – Moving from Models to Mission-Critical Decisions Digital twins – the highly sophisticated virtual models that stay synchronised with real-world systems – are also reaching a point of true practicality. The concept is not new. For years, industries like manufacturing and logistics have used digital twins to monitor assets and environments. What’s new is the granularity and scale now possible in security. Organisations such as NVIDIA are utilising digital twins for data centres, integrating cameras, fire alarms, access control and environmental sensors to create a unified, real-time view of operations. Instead of static replicas, we are talking about interactive environments where you can safely test and optimise system behaviour. The value of digital twins goes beyond visualisation and simulation, empowering organisations to monitor, optimise and actively manage the desired state of multiple subsystems in real-time. Imagine running a virtual fire-drill scenario that shows pedestrian flow if a corridor is blocked, or simulating lockout strategies to maintain egress while containing a threat. These are not academic exercises – they directly inform SOPs, layout choices and where to place resilient communications or edge compute. For complex estates (airports, ports, multi-tenant high-rises) a unified digital twin reduces configuration drift, accelerates forensic reconstruction and enables predictive maintenance for critical devices. Looking ahead, the widespread adoption of digital twins is poised to reshape the security industry’s approach to risk management and operational planning. With a unified, real-time view of complex environments, digital twins enable proactive decision-making, allowing security teams to anticipate threats, optimise resource allocation and continuously refine standard operating procedures. Over time, this capability will shift the industry from reactive incident response to predictive and preventative security strategies, where investment in training, infrastructure and technology is guided through simulated outcomes rather than historical events. From Gadgets to Game-Changers: Wearables + AR in Action AR and wearables have had turbulent history, but their resurgence in 2026 will be different – and AI is the reason. AI transforms wearables from simple capture devices into intelligent companions. It elevates AR from a visual overlay to a real-time, context-aware guidance layer. They shift frontline tools from passive to proactive devices that see, listen, interpret the environment, delivering timely insights and support through voice, visual or hybrid interfaces. The momentum behind AR is also reflected in the market. Globally, the AR sector is projected to surge from US$35.8 billion in 2024 to US$233.3 billion by 2030, a compound annual growth rate of 37%. Today, software and services account for the vast majority of AR revenue, highlighting that enterprises are increasingly leveraging AR for operational applications such as training, remote assistance, simulation and real-time decision support. Crucially, these systems speak natural language. A guard can ask, “When was this area last patrolled?” and receive concise, evidence-backed answers or ask the system to replay the last suspicious approach and mark it for later review. This moves wearables from passive recorders to active decision-support tools, increasing situational awareness while keeping hands and attention free. While widespread adoption may still be a few years away, the trajectory is clear. The future of security work will be increasingly wearable – through smart glasses, headsets or other wrist-mounted devices – and powered by conversational, intelligent systems that deliver insights and decision support in real-time. Conclusion – integrate, simulate, augment Across these trends the theme is consistent: AI is the enabler that makes previously hyped technologies operationally useful. For CISOs, facility heads and operations leaders, the practical playbook for 2026 is simple and strategic: prioritise integration (open, auditable APIs), exploring simulation capabilities (digital twins that map to SOPs), and pilot wearable augmentation where it reduces time-to-decision. Success is…

The evolution of AI technology, driven by Generative AI, has accelerated at an unprecedented pace. This year, in particular, its impact has been maximized, shifting paradigms across various industries. This spark of innovation is now extending into the video surveillance sector. Hanwha Vision predicts that 2026 will be a pivotal turning point. We foresee AI moving beyond simple adoption to becoming the essential foundation of the entire industry. Most notably, the emergence of ‘Autonomous AI Agents’ is expected to reshape the very structure and operational methods of video surveillance systems. Amidst these waves of change, Hanwha Vision highlights five key trends that the industry must focus on. These trends signal a future where AI serves as the core engine, elevating video surveillance from simple monitoring systems to central pillars of operational efficiency and sustainability. Trustworthy AI: Data Quality and Responsible Use As AI analysis technology becomes ubiquitous, the principle of ‘Garbage In, Garbage Out’ becomes increasingly critical in video surveillance. Visual noise and distortion caused by challenging environments – such as low light, backlighting, or fog – are primary causes of AI malfunction and false alarms. By 2026, establishing a ‘Trusted Data Environment’ to solve these issues will become the industry’s top priority. With the performance of AI analysis engines leveling up across the board, the focus of investment is shifting toward securing high-quality video data that AI can interpret without error. A prime example is the investment in minimizing noise and distortion in extreme environments through AI-based high-performance ISP (Image Signal Processing) technology and the use of larger sensors. AI-based ISP employs deep learning to differentiate between objects and noise, effectively eliminating noise while optimizing object details to provide real-time data most conducive to AI analysis. Larger image sensors capture more light, which fundamentally suppresses video noise generation, starting from low-light conditions. Hanwha Vision’s 2nd Generation P series AI Cameras feature a Dual NPU design, the Wisenet 9 chipset with AI-based image enhancement, and a large 1/1.2” sensor, guaranteeing crystal-clear images optimized for AI analysis even in the harshest environments. In parallel, as the ethical use of AI becomes a major concern, the mandatory adoption of AI governance systems is approaching. Global standards, such as the European Union’s AI Act, classify video surveillance AI used in public safety as High-Risk technology. This imposes a legal obligation on manufacturers to ensure Transparency in AI from the design phase, accelerating the industry’s push to build genuinely trustworthy AI. Furthermore, Hanwha Vision plans to upgrade its WiseAI app leveraging its capabilities in trusted data acquisition. Specifically, we will add an Auto Calibration feature that determines the distance information of a scene to enhance data reliability, and new AI event features to analyze abnormal behaviors like fighting and falling will be included in the 2026 product releases. The AI Agent Partnership, From Tool to Teammate As AI evolves from simple detection to an agent capable of analyzing complex scenarios and proposing initial responses, the role of the monitoring operator is set for a fundamental overhaul. Humans will delegate repetitive surveillance tasks to AI Agents and focus on more critical, high-level functions. While previous AI systems in video surveillance merely reduced the operator’s workload by automating repetitive tasks like object search, tracking, and alarm generation, the AI Agent takes this a step further. It autonomously conducts complex situational analysis, automatically executes an initial response, and recommends the most effective follow-up actions to the monitoring operator. For example, an AI Agent can independently assess an intrusion, initiate preliminary steps such as sounding an alarm, and then propose the final decision options (e.g., whether to call the police) to the operator. Simultaneously, it automatically generates a comprehensive report detailing real-time video of the intrusion area, access records, a log of the AI’s initial actions, and suggested optimal response strategies. The evolution of AI technology, driven by Generative AI, has accelerated at an unprecedented pace. This year, in particular, its impact has been maximized, shifting paradigms across various industries. This spark of innovation is now extending into the video surveillance sector Consequently, monitoring operators will transition into the role of commanders, making final decisions that require nuanced judgment, complex analysis, and consideration of legal and contextual implications. They will also take on the role of an AI governance manager, transparently tracking and supervising all autonomous actions and reasoning processes executed by the AI Agent. This essential function, which prevents system misuse, demands a significant elevation of the monitoring operator’s skill set. Driving Sustainable Security The explosive growth of generative AI is accelerating a ‘Technological Energy Crisis.’ According to IEA reports, power consumption by data centers is projected to more than double by 2030 due to the rising demand for AI servers. The video surveillance industry is at a crossroads where it can no longer prioritize performance without limit, facing the dual challenge of surging high-resolution video data and the computational burden of Edge AI. Consequently, Sustainable Security, which prioritizes operational longevity and minimizing environmental costs, is set to become a core competency for achieving TCO (Total Cost of Ownership) reductions and meeting ESG goals. To realize sustainable security, the industry is commonly moving towards developing ‘low-power AI chipsets’ that drastically reduce power consumption while preserving high-quality imaging and AI processing power. It is also prioritizing technologies that ensure data efficiency directly on the edge device (camera). For instance, Hanwha Vision‘s AI-based WiseStream technology maximizes video data management efficiency, contributing to lower power consumption. It intelligently separates regions of interest from non-interest within the video and adjusts the compression ratio based on importance. This maximizes traffic efficiency while securely retaining all necessary information. Furthermore, cameras equipped with Wisenet 9 have improved baseline data transmission efficiency by reusing images from static regions. These intelligent data management strategies simultaneously meet both performance and efficiency demands and are regarded as the most effective means to directly reduce the power consumption required for server expansion and cooling systems. Smart Spaces Powered by Video Intelligence With AI integrated into cameras and advances…

Lt Gen Sudhir SharmaPVSM, AVSM, YSM, VSMChairman, MitKat Advisory The turbulent geopolitical landscape of 2025 marked a discernible shift in India’s external security environment. The shadows of the events of the past year will have a telling effect on the risks and opportunities that will shape the trends for 2026. A fragmented global order, persistent conflicts in Europe and West Asia, intensified big power rivalry in the Indo Pacific, weaponisation of trade and controlled access to high technology have squeezed out much of the strategic space, giving rise to volatility and ambiguity, which impinges on India’s desire for strategic autonomy. As we enter 2026, we are no longer navigating a familiar world of stable alliances but a fragmented world order where national sovereignty and economic security are fluid and transactional. For business leaders this represents a dynamic shift from managing ‘growth’ to managing systemic disruptions and contending with hyper-nationalism. On India’s Western front, the short but intense conflict with Pakistan in 2025 has driven relations to their lowest point in decades. Terrorism remains a top risk, and deterrence is fragile. The tense standoff could escalate into skirmishes or a larger confrontation, requiring a recalibration of India’s security architecture. Concurrently the Eastern Sector bordering Bangladesh presents its own set of diverse security challenges. Relations with Bangladesh shifted sharply in 2025, driven by political instability, consequent to the ouster of the Awani League. The widening trust deficit and the overheated internal situation in Bangladesh poses a significant threat to Indian Interests. The forthcoming elections (if held fairly and objectively) will be a litmus test for the internal stability of Bangladesh. Pre and post poll violence are most likely and may have a ripple effect in India. Relations between the countries will continue to be strained and tense in 2026, seriously impacting transit and business growth. On a positive note, the relations with China remained comparatively stable and have shown limited but notable improvement in 2025, and the thaw is likely to continue in 2026, giving rise to business opportunities and some synergy in approach to global issues. The resumption of direct flights and an easier visa regime could provide the momentum for business growth and tourism. Though trust deficit remains high, it is likely that India’s relations with China may mature to one of cautious but competitive coexistence. This would require sustained confidence building measures from both sides. India-United States relations will remain a central pillar of India’s external engagement in 2026, though it will be marked by greater complexity and some irritants. Strategic convergence in defence, technology and the Indo-Pacific is expected to continue, despite the tariff related concerns and frictions. QUAD is expected to strengthen, with a sharper technological and security focus. Simultaneously, India will deepen engagement with BRICS and the Global South, balancing strategic autonomy with diplomatic flexibility – a critical tightrope in a fractured world. Internally the risks confronting India in the coming year will be shaped by the interplay of political polarisation, governance pressures and socio-economic disparities. Left-wing extremism is waning and may be eliminated by 2026, bolstering internal security. However, high-stake state elections could trigger unrest and stress governance systems. Despite external fragility, India enters 2026 with strong economic fundamentals, infrastructure upgrades, and a growing role in global manufacturing and technology ecosystems. Realignment of global supply chains offers opportunities India is well-positioned to seize. Structural reforms in the nuclear energy sector will give a boost to India’s energy mix and improve the overall energy-security paradigm. As we look ahead, 2026 is likely to be a year of continued external fragility, yet a resilient internal security framework, coupled with a buoyant macro-economic outlook. India can look forward to a period of sustained growth and stability, overcoming moderate internal challenges and governance pressures. Advances in AI, semiconductors, and manufacturing will further propel growth. India will need great acumen in navigating an increasingly polarised world order, while maintaining its strategic autonomy, and safeguarding its national interests. The year 2025 for India was characterized by acute security shocks, tightening geoeconomic headwinds, and mounting climate and public-health pressures even as the country deepened strategic partnerships, consolidated its role as a regional corporate and digital hub, and pressed ahead with institutional reforms. A multi-domain crisis with Pakistan, persistent maritime insecurity, resurgent piracy, Red Sea cable disruptions, and a sharp U.S. tariff shock underscored a risk environment in which episodic external triggers rapidly translate into domestic operational disruption. Domestically, intensified communal polarization, sector-wide labour actions, reservation mobilizations, and urban infrastructure fragility combined with scaled AI-enabled cyber-fraud to raise the baseline of day-to-day risk for businesses and communities. Looking ahead to 2026, the outlook is one of cautious resilience – external ties will be marked by strategic convergence with the United States amid trade and mobility frictions, managed competition with China, and fragile deterrence with Pakistan; internally, policy continuity will persist alongside execution gaps, uneven state-level governance, and climate-driven stress on assets and services. As we enter 2026, we are no longer navigating a familiar world of stable alliances but a fragmented world order where national sovereignty and economic security are fluid and transactional. For business leaders this represents a dynamic shift from managing ‘growth’ to managing systemic disruptions and contending with hyper-nationalism Geopolitically, India-China relations exhibited cautious stabilization. Corps Commander dialogue continued, high-level political contacts resumed, and direct commercial flights were reinstated after five years, reducing immediate confrontation risk along the Line of Actual Control (LAC). Yet structural constraints – including PLA consolidation in Tibet, new hydropower activity on the Yarlung Tsangpo, and recurring cyber and financial-security frictions – kept the relationship within a framework of tactical engagement embedded in strategic competition. With limited verifiable disengagement on the ground, ties in 2026 are likely to remain managed rather than normalized. By contrast, India-Pakistan relations entered their most volatile phase since 2019. The April Pahalgam massacre in Jammu & Kashmir precipitated Operation Sindoor – targeted Indian missile and air strikes on terrorist infrastructure in Pakistan-Occupied Kashmir (PoK) – followed by intensified Line of…

It came as a surprise that this is the 10th time that we’ve looked at the technology trends that we think will affect the security sector in the coming year. It feels like only yesterday that we sat down to write the first – a reminder of how quickly time passes, and how fast technological progress continues to move. Something that’s also become clear is that a completely new set of trends doesn’t appear year-on-year. Rather, we see an evolution of trends and technological developments, and that’s very much the case as we look towards 2026. Technological innovations regularly arrive, which impact our sector. Artificial intelligence, advancements in imaging, greater processing capabilities within devices, enhanced communications technologies…these and more have impacted our industry. Even technologies which still seem a distance away, such as quantum computing, may have some potential implications in the near-term in preparing for the future. While we focus here on tech trends, it’s worth highlighting a shift that we’ve seen in recent years: the increasing involvement and influence of the IT department over decisions related to security and safety technology. The physical security and IT departments now work in close collaboration, with IT heavily involved in physical security purchasing decisions. That influence, we feel, is central to the first of our trends for 2026… ‘Ecosystem-first’ becomes an important part of decision making At a fundamental level, the greater influence of the IT department is changing the perspective regarding security technology purchasing decisions. We call this an ‘ecosystem-first’ approach, and it influences almost every subsequent decision. Today, however, we start to see a trend that the first decision is increasingly defined by the solution ecosystem to which the customer wants to commit. In many ways, it’s analogous to how IT has always worked: decide on an operating system, and then select compatible hardware and software. The ecosystem-first approach makes a lot of sense. With today’s solutions including a greater variety of devices, sensors, and analytics than ever before, seamless integration, configuration, management, and scalability is essential. In addition, product lifecycle management, including, critically, ongoing software support, becomes more achievable within a single ecosystem. Committing to a single ecosystem – one offering breadth and depth in hardware and software from both the principal vendor alongside a vibrant ecosystem of partners – is the primary decision. The ongoing evolution of hybrid architectures A hybrid architecture as the preferred choice isn’t new. In fact, it’s something we’ve highlighted in previous technology trends posts. But it continues to evolve. Sometimes evolution can seem quite subtle. In reality, we’re seeing some fundamental shifts. We’ve always described hybrid as a mix of edge computing within cameras, cloud resources, and on-premise servers. While that’s still the same today, what’s changing is the balance of resources, as capabilities are enhanced and new use cases emerge. Edge and cloud are becoming much more significant, with the need for on-premise server computing resources reduced. This is largely a result of enhanced computing power and capabilities within both cameras and the cloud. More powerful edge AI-enabled surveillance cameras can, put simply, handle more than ever before. Improved image quality, the ability to more accurately analyze scenes and create valuable metadata have seen cameras take on tasks previously handled on the server. Similarly, with such a wealth of data being created, cloud-based resources have the analytical power required to surface business intelligence and insights to enhance operational effectiveness. There can still be legitimate reasons to retain some on-premise resources, such as network video recorders, but the true value is increasingly coming from edge devices and cloud resources. Ultimately, it’s a trend that meets both the IT department’s drive for efficiency, the security team’s desire for solution quality and effectiveness, and the data integrity and security needs of both. But, even if hybrid architectures are a trend, we must not forget that a vast majority of all solutions are still very much on-prem solutions, and this will be the case for a long time. The increased importance of edge computing In many sectors, like the automotive industry, the need and potential for edge computing has only been recognized relatively recently. As regular readers will know, however, the value of increased computing resources within devices at the edge of the network has been a feature of our technology trends predictions for several years. Enhanced capabilities mark the beginning of a new era of edge. In many ways, the increased importance of edge computing is directly related to the evolution of hybrid architectures described in the previous trend. When hybrid solutions have included edge, cloud, and server technologies, the full potential of edge AI hasn’t always been fully realized. With on-premise servers able to support some tasks, there has been less motivation to move these to the edge. This is already changing and will accelerate over the coming year. This is in part due to the enhanced AI available to the edge, within devices themselves. The discussion and decisions about where to deploy AI across surveillance solutions – using the strengths of edge AI in devices and the power of cloud-based analytics – has brought focus to the capabilities of cameras and the increasing variety of edge AI-enabled sensors. These bring benefits in both effectiveness and efficiency. Edge processing generates both business data – actionable insights derived directly from the scene – and metadata, which describes the objects and scenes within it. This information has become the basis for efficient scaling of system functionality, such as smart video searches, and for generating system wide insights. Edge processing enables a much smoother scaling of system compute performance, as the system performance grows with each added edge device. The arguments against moving more to the edge, such as cybersecurity challenges, have diminished. With the strong cybersecurity capabilities of edge devices, such as secure boot and signed OS, they now have become a strong part of the overall system security solution. Mobile surveillance on the rise Mobile surveillance solutions, like mobile trailers, aren’t a trend…

Siddharth DahiyaCEO, Peregrine Guarding As we move into 2026, the security industry is going through a major shift. Earlier, security was mostly seen as guarding buildings, managing entry points, and responding to incidents. Today, the role of security has expanded much beyond that. It is becoming smarter, more technology-driven, and deeply connected to how businesses function. With growing urbanisation, digital operations, and rising expectations around safety, the industry is now focused not just on protection, but on prevention, planning, and continuity. Technology is playing a very important role in this change. Tools like intelligent cameras, remote monitoring systems, and automated alerts are becoming part of everyday security operations. These systems help detect unusual activity early, support faster responses, and reduce dependence on manual processes. Security teams are increasingly working in environments where technology and manpower go hand in hand. The presence of trained professionals on the ground remains essential, but their effectiveness is being strengthened by digital systems that offer real-time visibility and better control. At the same time, the nature of the security workforce is also evolving. The security professional is no longer expected to only patrol or stand at a gate. There is now a much stronger focus on training and upskilling. Personnel are required to handle smart devices, use mobile-based reporting tools, understand basic data, and interact more confidently with clients and employees. This shift is pushing the industry to invest more in continuous learning, structured development programs, and long-term career paths. Another important development is the growth of centralised and remote security operations. Instead of managing everything from individual locations, more organisations are moving towards command centres that monitor multiple sites at once. These centres bring together surveillance, incident management, and response coordination on one platform. This model is becoming far more common, helping businesses improve coverage, strengthen oversight, and respond faster to risks. It also allows on-ground teams to work with better information and support, making security operations more proactive rather than reactive. The way businesses look at security is also changing. Security is no longer being treated only as a cost or a support function. It is increasingly being seen as a critical part of business continuity, infrastructure planning, and risk management. Strong security frameworks help protect assets, ensure employee safety, support compliance, and maintain brand trust. Going forward, security leaders will be more involved in strategic discussions, contributing insights that go beyond day-to-day operations and into long-term planning. With the rise of digital systems, data is becoming a central part of security management. Access records, visitor information, camera analytics, and incident logs are now key decision-making tools. This makes data protection, transparency, and regulatory compliance extremely important. Organisations will place greater focus on building secure data practices, reliable reporting structures, and audit-ready processes. Trust, accountability, and responsible handling of information will become just as important as physical safety. Equally important is the growing attention on the people behind security services. The industry is recognising that a motivated and supported workforce is the foundation of strong security. Better healthcare support, mental well-being initiatives, stable working conditions, and timely recognition are becoming more central to workforce strategies. When security personnel feel valued and secure themselves, the quality of service improves naturally. This people-first approach will play a major role in shaping the industry’s future. Looking ahead, the security industry will be defined by its ability to adapt. The future belongs to organisations that can combine trained manpower, smart technology, and responsible practices into one integrated system. Security will no longer be limited to protection alone. It will stand for preparedness, resilience, and confidence in a fast-changing world.

Vivek SrivastavaCountry Manager, India & SAARC at Fortinet Industrialized Cybercrime and the Acceleration of the Attack Life Cycle The 2026 Cyberthreat Predictions Report continues Fortinet’s ongoing analysis of how technology, economics, and behavior intersect to shape global cyber risk. The picture emerging for 2026 is one of acceleration. Adversaries will increasingly operate as industrial systems, using automation, specialization, and AI to scale both attack speed and reach. For CISOs and security leaders, this means re-architecting defenses to operate at the same speed as adversaries. Security programs designed for linear response can no longer keep pace with an ecosystem characterized by parallel automation and rapid exploitation. The coming year will not be defined by a single new technique or malware strain, but by the refinement and industrialization of those that already exist. We expect threat actors to focus less on innovation and more on throughput – the ability to move from reconnaissance to monetization in the shortest possible time. This shift is reshaping the economics of cybercrime and forcing defenders to compress detection and containment cycles across every environment. In practice, this means: Together, these scenarios illustrate a single reality – Velocity now defines risk. As the line between human and machine operations blurs, both attackers and defenders are adapting to an environment where milliseconds can define outcomes. FortiGuard Labs’ 2026 predictions explore this evolution from multiple perspectives – how adversaries are industrializing, how defenders are adapting, and how collaboration across public and private sectors will shape deterrence and resilience in the years ahead. The unifying theme across these predictions is convergence. Offense and defense now evolve through the same forces – AI, automation, and the cloud – each shaping the other’s rate of adaptation. The contest ahead will be decided less by who has the most advanced tools than by who can integrate intelligence, technology, and decision-making into a single, continuous system. Executive summary The global threat environment in 2026 will be defined by speed, automation, and scale. Cybercrime will continue to mature into a structured industry supported by specialized roles, automated toolchains, and AI-driven decision-making. Attack groups will increasingly operate more like enterprises than independent actors, measuring success not by innovation but by throughput such as the rate at which they can turn access into profit. For defenders, this represents a pivotal shift. Security operations can no longer rely on static configurations or periodic assessments. To address today’s rapidly evolving challenges, they must operate as an adaptive system, continuously learning, adjusting, and responding to real-time conditions. Two forces are driving this evolution. The first is the industrialization of cybercrime, as automation and AI integrate into every stage of attack development and deployment. The second is the acceleration of the attack life cycle, in which the time between compromise and consequence continues to collapse. Attackers who once needed days to monetize access can now do so in hours by automating reconnaissance, data analysis, and extortion. These changes are already visible. A compromised cloud workload may trigger an AI-driven privilege escalation script within seconds. A stolen database can be quickly parsed by generative AI (GenAI) to identify high-value records before the victim even realizes the breach has occurred. Pre-infected botnets and access brokers now provide turnkey infrastructure for ransomware affiliates, enabling near real-time campaign launches. For defenders, the implication is clear. Threat intelligence, exposure management, and incident response must operate as one continuous system. Readiness will increasingly be measured by the ability to act at AI-level speeds to translate threat intelligence into containment before disruption occurs. This report examines both sides of that equation. The Adversaries section explores how attackers are industrializing their operations, while the Defenders section focuses on how organizations can operationalize threat intelligence and automation to match that velocity. Together, they point to a single conclusion: The contest between offense and defense has become a race of systems, not individuals. Update on predictions for 2025 Many of the developments forecast in FortiGuard Labs’ 2025 Cyberthreat Predictions Report have materialized faster than expected. What were emerging patterns a year ago – AI-assisted threat operations, Crime-as-a-Service (CaaS) specialization, and geopolitical fragmentation – are now defining characteristics of the global threat landscape. AI in operational use The 2025 report predicted that AI would move from experimentation to full operational deployment. That shift has already occurred. GenAI is routinely used for social engineering, credential harvesting, and automated scripting. The next phase, now emerging, involves autonomous agents capable of managing multiple attack functions without human input. Expansion of CaaS models Integrated underground economies have matured into platform-style marketplaces. Access brokers, data resellers, and malware developers now operate as interconnected suppliers, allowing smaller actors to launch sophisticated attacks with minimal resources. Target diversification Predictions of expanded targeting across operational technology (OT), cloud, and supply chains have proven accurate. Ransomware groups increasingly blend data theft, disruption, and extortion, often striking multiple tiers of vendors simultaneously. Critical infrastructure and healthcare remain disproportionately affected, particularly in areas where modernization has outpaced security. Data as a primary asset Data theft has transitioned from a byproduct of intrusion to a monetized commodity. AI-driven analysis now converts raw data into actionable intelligence, turning information into a currency of extortion and influence. Together, these developments confirm a broader shift from opportunistic attacks to structured operations. Industrialized cybercrime, once a projection, has become the baseline from which new threats emerge. The next phase of attack: 2026 offensive capabilities predictions As 2026 unfolds, cybercrime continues to industrialize. Automation, AI, and specialization will continue to converge, enabling attacks to be produced at scale. FortiGuard Labs anticipates several developments across offensive capabilities. AI-enabled cybercrime agents The defining change of 2026 will be the emergence of purpose-built, autonomous cybercrime agents. These systems will extend far beyond the early FraudGPT, WormGPT, and similar models seen on underground forums in 2025. Designed for specific operational tasks such as credential theft, phishing, or lateral movement, these agents will execute against entire segments of the attack chain without requiring human oversight. This shift will drive an explosion in capacity….

The global security landscape in 2023 was characterized by the tumult as the world continued to witness geopolitical shifts while contending with internal developments – often resulting in an interwoven and complex nexus. In line with predictions, the engines of the global economy fired back up in the aftermath of the COVID-19 pandemic, with expectations of a new, more resilient framework driving it. However, what the world witnessed were multi-faceted ramifications that presaged a spiraling global crisis fueled by the escalation and perpetuation of regional conflicts, primarily those between Russia and Ukraine, and in Israel and Palestine. These evolving geopolitical dynamics have also impeded efforts towards global cooperation at a time when it is a sine qua non. A resurgence of carbon emissions, an unrelenting cost-of living crisis, and food and fuel shortages have exacerbated social divisions and caused unrest. Economic deceleration impacted countries across the world, often influencing political and policy decisions, while having a bearing on bilateral relations as well. Curtailed government spending, EXIM controls, and rate revisions came to characterize economic decisions across the world, forcing businesses to calibrate decision making to navigate through new realities. India was not insulated from these global shocks, with its rising position in the global order placing it on a ringside seat to view, judge, and influence international developments. India’s G-20 Presidency in 2023 was testament to its pedigree as a growing international power, and the astute diplomacy it has practiced aided in weathering multiple difficult global challenges. Regardless, extant risks continued to pose governance challenges, while new risks developed in 2023 which will influence decision-making in the years to come. On the geopolitical front, deteriorating relations with Canada dominated headlines after the latter accused the Indian government of involvement in the murder of Hardeep Singh Nijjar, a Canadian citizen allegedly involved in Khalistani activities. Over the course of a highly charged October characterised by assertions and censures, both the countries engaged in tit-for-tat moves that involved suspension of visa services and recalling of diplomats. Since then, however, the rhetoric employed by both governments has softened, and refocused on narratives of cooperation and friendship. Relations with China could best be described as a hostile peace – an absence of physical conflagrations must not be equated with a thawing of hostilities. The continued construction of military and civilian infrastructure near the border in Arunachal Pradesh, the failure to gain meaningful ground on negotiations pertaining to de-deployment in the Ladakh theatre, and a virtual status quo in the overall situation meant that ties remain tense. Relations with Pakistan did not witness any significant deterioration or improvement, with internal political and economic instability taking the limelight. Continued cooperation in the domains of trade, commerce, and culture put India in a strong position in the Asia-Pacific region, which will be crucial in the year ahead as the situation in the South China Sea steadily heats up. India also kept up cooperation with its QUAD allies as both North Korea and China deployed an aggressive military posture in the larger region. “The past year was marked by increased global strife and geopolitical uncertainty. In a ‘World Adrift,’ the brutal Hamas Israel war put further strain on an already fragile and fragmented world order. As a large number of countries align themselves against the US-Israel nexus in this conflict, the US influence may wane, giving the China-Russia axis more traction. India, which sits at the cross roads of its strategic partnership with US on one hand, and Russia on the other, would need to take some difficult geo-strategic decisions within the framework of its geographical compulsions and overarching national interest. The early pointers to these shifting sands can be seen in the postponement of the QUAD summit planned for January 2024, and the apparent inability of President Biden to be the Chief Guest at India’s Republic Day Parade. The high of successfully hosting the G20 summit by India in 2023 was soured by the accusation by Canada that Indian government-sponsored agents had plotted and killed a Canadian citizen on their soil. Followed closely on the heels of this diplomatic discord was the more damaging disclosure by USA of a failed but allegedly Indian Government supported rogue action to kill an American citizen. Both were avowed separatists with a strong anti-India stance. While these incidents are still unravelling, they have the potential to hamper or at least dent Indo-US strategic relations and if proved, will damage India’s diplomatic stock in the eyes of the Western world. On the domestic front the upcoming general elections in the first half of 2024 are likely to be very polarizing and intense. Some degree of violence and conflict in some sensitive constituencies is possible. Elections are also planned for J&K, and would need deft handling as they would be under national and international spotlight. Elections in Pakistan and Bangladesh in 2024 would also have an impact in the region. On the internal security front, the uptick in terrorist attacks in J&K is likely to continue and may increase in the buildup to elections, further exacerbating India-Pakistan relations. Continued unrest in Manipur and Naxal-dominated areas will stretch the security apparatus in 2024. The overall economic outlook is robust, with satisfactory macro-economic indicators. However there is a continued need to tame inflation and create more job opportunities for the young and restive population of the country. Higher adoption of technology, continued digitalization and generative AI are all likely to give a major boost to the economy. The increasing pace of Apple products manufacturing in India, and possible entry of Foxconn, would also be a catalyst to the manufacturing sector. Overall the year 2024 is likely to be stable, but challenging both domestically and on the geopolitical front. Economic growth which is reasonably insulated, will continue to make India the best performing major economy in 2024. The outcome of the watershed general elections would define India’s future for rest of the current decade.” Lt Gen Sudhir Sharma, PVSM, AVSM, YSM, VSM, Chairman, MitKat 2024…

FICCI and Pinkerton publish the India Risk Survey (IRS) report to identify possible business risks and difficulties prevailing in the Indian business landscape. The survey identifies 12 key areas of concern for businesses and 5 emerging risks that might seriously damage India’s business ecosystem. The results are derived from a survey that involved stakeholders and business executives from various industries. The India Risk Survey Report is frequently seen as a significant predictor of the risks that Indian firms must deal with. Businesses use the report to evaluate their risk exposure and decide how to operate in India. In addition, the media and decision-makers frequently use the survey’s conclusions as proof of the difficulties experienced by Indian entrepreneurs. The India Risk Survey Report gives valuable information about the risks that firms face, like Natural Hazards, Information & Cyber Insecurity, Intellectual Property Theft, Fire, and Crimes, and enables them to make defensible choices regarding their operations. Surpassing the risk of Natural Hazards and pandemics, the risk focus has drastically shifted to Intellectual Property Theft and Information & Cyber Insecurity due to the increasing interconnectivity of businesses’ reliance on technology, and the vast amounts of data that are now stored electronically. Offices have been replaced by hybrid working arrangements, and growing digitization has accelerated the threat. Cases of industrial accidents along with road accidents have been rising as they occur suddenly and without warning, often causing extensive damage to property and equipment. They can also lead to injuries or even fatalities, leading to both reputational and revenue damage for the business. While business espionage is not a new phenomenon, but it has become more prevalent in recent years as the world of business has become more globalized. Companies are now operating on a much larger playing field and there is more at stake. The goal of this survey is to identify potential risks in the context of a changing global environment, allowing business leaders to assess their circumspection for disruptive events like rapid digitalization, accidents, and business espionage, in the future and to ameliorate risk mitigation techniques. Nonetheless, based on each industry’s risk appetite and current risk mitigation plans, the risks identified and their effects may differ from one to the next. The survey’s outcome should help organizations create a 360-degree risk management strategy that will allow them to foresee and prepare for any eventuality, limit interruption, and protect against any risks in advance. Rohit Karnatak Vice President – India APAC & EMEA Global Screening, Pinkerton The India Risk Survey has successfully reached its 10th year milestone, and I feel very proud to say that this survey report has helped many organizations (both private and public sector) in identifying, safeguarding themselves from the potential or prevailing risks in this dynamic business environment and also helps them to create a strategy for their risk governance.Over the years as we introduced the Pinkerton Risk Wheel which has now matured to a more comprehensive risk governance. Risk governance involves how effectively organizations are managing risks by establishing policies, procedures, and frameworks so that the business operates in a responsible and sustainable manner. Effective risk governance is when it is implemented at the planning and strategic level of the decision-making process in an organization. To make it more effective, one should engage with subject matter experts or consulting firms who have expertise in the risk advisory domain. This year’s risk survey has outlined the top 3 risks which are Intellectual Property Theft, Information & Cyber Insecurity, and Accidents ranked in that order. The industry leaders ranked Intellectual Property (IP) Theft as the risk which is the most prevalent threat to their business. Until 2019, IP Theft was not a part of the top 5 risks, but from 2021 it started to emerge among the top 3 risks and finally making to the number one risk this year. When we delved deeper, we could understand that the Indian businesses are understanding the processes, innovations and techniques too are valuable to a business and thus needs to be adequately protected. In the initial years of the report, most businesses only identified counterfeiting of products or violation of trademarks as an IP risk. The manufacturing of a product or the process of a service both are like soft power and need protection as much as the counterfeit product/service that may have been introduced in the market. Pinkerton globally have been focusing on this risk and have been helping organizations make strategies to protect these Intellectual Properties via with the help of Pinkerton’s Global Investigation Services with a dedicated service line of Intellectual Property Protection Service. India Risk Survey 2022 also highlights the top 5 emerging risks which have been prevailing in this past year of 2022 and posed a threat to businesses. The most prevalent emerging risk was the ‘Safety and Security of Key Personnel,’ This risk has emerged at the top because of the threats present for the C-Suites and Directors both internally as well as externally of their business premises. The need for a safe work environment along with the safety & security required during the executive’s business travels has increased manifolds in recent times and therefore, organizations are opting for Executive Protection Services to protect their key personnel from these threats. If an organization keeps risk governance at the center when planning their risk strategies and looks beyond the realm of just compliance, it will help the organization to have an effective, comprehensive risk mitigation covering all four quadrants of risk. We hope that the report will add value to your organization’s risk governance strategy. SUMMARY Each year, the India Risk Survey (IRS) gathers 12 risks that, in the opinion of business enterprises and subject-matter experts, represent the most significant threats that might disrupt Indian business operations. To comprehend and evaluate each risk independently and to conduct analysis, the survey employs the Pinkerton Risk Wheel structure. The Pinkerton Risk Wheel has four different risk categories. Based on the type of threats, the risks are classified. Each…

Rajesh Maurya Regional Vice President, India & SAARC, Fortinet The 2021 State of Operational Technology and Cybersecurity Report from Fortinet finds that operational technology (OT) leaders continue to face cybersecurity challenges, some of which were exacerbated by the shift to work from home due to the pandemic. The pandemic also accelerated IT-OT network convergence for most organizations, which correlates to other CEO reports that indicate that pandemic-related changes have accelerated digital transformation, putting organizations years ahead of where they would have expected to be at this point. Many organizations had to increase their technology budgets to accommodate the move to remote work. And as a result of the many changes brought about by the pandemic, many OT leaders are looking for new ways to streamline processes and reduce costs. As noted in the 2020 report, the momentum for OT-IT network convergence was already happening pre-pandemic, but the effects of the pandemic accelerated digital transformation and increased the need for connectivity. Employees were required to work from home and OEMs and system integrators were hampered by their inability to travel to service equipment. Getting on-site became much more difficult, so the pandemic clearly increased the need for third-party secure remote access. Overcoming these challenges increased both costs and risks. In 2021, we saw a change in respondents away from manager of manufacturing to more VP and director level. The responsibility for OT is shifting away from VP or Director of network engineering to CISOs and CIOs. Additionally, there were more security operations centers (SOCs) and significantly more network operations centers (NOCs) in place in 2021 than the prior year. As we have in previous years, we also compared the practices of respondents who had seen zero intrusions in the past year with those who had 10 or more intrusions. We again found that ‘top-tier’ OT leaders were significantly more likely to adhere to a number of best practices, including: Leveraging orchestration and automation and using predictive behavior. Tracking and reporting the financial implications of cybersecurity to the business. Reporting compliance with industry regulations and scheduled security assessments. Adhering to cybersecurity best practices helped top-tier OT organizations better withstand the technology changes, threats, and vulnerabilities that occurred during the pandemic. METHODOLOGY FOR THIS STUDY This year’s State of Operational Technology and Cybersecurity Report is based on a survey conducted from February 24 to March 1, 2021. The questions mirrored those asked in similar surveys in 2019 and 2020. Respondents work at companies involved in four industries: manufacturing, energy and utilities, healthcare, and transportation. All are responsible for some aspect of manufacturing or plant operations and occupied job grades ranging from manager to vice president. This study utilizes data from the survey to paint a picture of how operations professionals interact with cybersecurity in their daily work. The analysis looks at this year’s data and compares it with results from prior years and identifies several overarching insights about the state of the industry. We then delve more deeply into the data, identifying best practices more commonly used by ‘top tier’ organizations – those who have experienced 0 intrusions in the past 12 months versus those that have seen more than 10 attacks in the same period. INTRODUCTION The operational technology (OT) market is expected to continue to grow through 2027 at a CAGR of 6.40%, which is no surprise because OT makes it possible for the world’s factories, energy production and transmission facilities, transportation networks, and utilities to function. To boost operational efficiency and profitability, many OT companies have been integrating OT infrastructure such as supervisory control and data acquisition (SCADA) systems with IT networks. Competitive pressures are driving an urgency to reduce costs and increase efficiencies in a variety of ways such as: Utilizing digital twins to reduce risks supporting asset performance management (APM). Increasing overall equipment effectiveness (OEE) to drive increased manufacturing yield. Shifting from calendar-based to condition-based maintenance to minimize lost production associated with service outages. Increasing asset availability and reliability. Digitization of paper record-keeping and service reports for service and maintenance activities. These and other digital transformation initiatives have led to innovations requiring new platforms and new ways for people to work than they have in the past. That change in workstyles was exacerbated with the sudden need for employees to work from home. Although the move to remote work is a significant example of digital transformation, the array of systems and processes affected as a business digitally innovates spans all of OT. All the improved agility and efficiency that comes from OT-IT network convergence also comes with increased risks. The diminishing presence of the ‘air gap’ between OT net works and IT systems means the OT infrastructure is subject to all of the threats that IT systems have traditionally faced. Worse, the attack surface for an OT system can comprise Industrial Internet of Things (IIoT) devices, which control critical systems that can have potentially dire health and safety consequences if they are breached. A majority of OT leaders report the maturity of their security posture as at least Level 2 access, which means they have established visibility, segmentation, access, and profiling. At Level 2, they have complete role-based access and are working to achieve zero trust by enforcing multi-factor authentication. In fact, 99% of surveyed respondents were above Level 0, which means only 1% have absolutely no visibility or segmentation in place in OT. Although progress is being made, there is room to grow. Most OT organizations are not leveraging orchestration and automation and their security readiness was further taxed by the COVID-19 crisis. OT-IT network convergence coupled with an ever increasing advanced threat landscape and coping with pandemic-related issues made it even more difficult for OT leaders to stay ahead of adversaries. Although following security best practices takes time and money, those organizations that did were better able to withstand the changes brought about by the pandemic. INSIGHTS FOR OT SECURITY As noted, OT leaders continued to struggle with changes related to OT-IT convergence. Additionally, the…

The year gone by will for long be remembered as one of the most tumultuous years for the world in living memory. India’s economy was already under considerable strain and was showing early signs of systemic fault lines. The arrival of the pandemic at the beginning of the year and its quick spread exacerbated the already fragile situation, pushing the economy towards a downward spiral and into a recessionary mode. The economic shock and disruption caused by COVID-19 had a more telling and crippling effect on the unorganised daily wage sector and migrant workers, triggering a painful dislocation and social upheaval, causing much anguish and distress in rural India. In comparative terms, despite its dense population and fragile health infrastructure, India had till date managed the pandemic satisfactorily, especially so in respect of its fatality ratio. On the geopolitical front, India had a major spat with China after nearly sixty years. Large, heavily armed forces of both sides are as of now locked in a tense stand-off. Any military miscalculation or foolhardy adventure by either side can quickly snowball into a sharp and escalatory conflagration. An objective strategic assessment would suggest that both sides are on even terms, with perhaps a slight tactical advantage to India, allowing it a stronger negotiating posture. Going forward in the next year, one does not foresee any significant changes in the prevailing ground position. Any scope for de-escalation and disengagement can only happen at the highest political level of both sides. The chances of that happening soon are dim, as there is too much at stake for either side to show weakness. A stalemate in the near term is therefore more likely. India would have to be very alert once the campaigning season restarts in June, and both sides jockey for tactical advantage. One thing is for sure, that the clash had brought India and the USA closer together strategically and militarily. This relationship is likely to endure even under the Biden administration, as containing China by all possible means would continue to be the fundamental plank of US policy in the Indo Pacific. The clash had also given an impetus to the QUAD grouping; and the recent joint naval exercises are a pointer to a seriousness of intent. In the coming year, more developments and growth in QUAD and QUAD plus can be expected. Indo-Australian relations, both military and economic, will see an upward swing as Australia and China appear to be drifting apart. The UK, having left Brexit, will look towards India for increased trade, and economic relations will be on the upswing. Indian economy is coming out of recession and despite all constraints, is likely to be the world’s fastest growing economy with anticipated growth rate of 8 to 8.5% and going on to 9 plus in the ensuing years. Once the pandemic is fully under control and an effective vaccine is deployed, one can expect things to be hopefully normal by the second to third quarter of next year. Agricultural reforms introduced by the Modi Govt have met with much headwind. Even though the farm laws are technically good for the agricultural sector, sadly the government had brought them in a hurry and without building a reasonable consensus or communicating the benefits/ safeguards to the polity effectively. It is hoped that most of the contentious issues will be resolved. This though will involve very astute and benign handling, or else given the current mood it may spiral out of control. Nearly 5 Indian states go for elections in 2021 with West Bengal being the most crucial, followed by Assam and Tamil Nadu. The results of these state elections will be like a midcourse referendum of the current disposition. A change of government in West Bengal would be a tall ask for the BJP but TMC would definitely be weakened and lose its grip on the state. Whatever be the final result, due to the high stakes and passions involved, violence during the run up and during elections is likely and would need monitoring. 2021 will be a very eventful year, especially in terms of economic recovery, and revival of the travel and hospitality sector. Schools are likely to open early next year if the current COVID-19 declining trends continue. Security scenario on the borders both with China and Pakistan will continue to be tense with distinct possibility of clashes resulting in casualties. A full-scale war or even a sectoral conflict is less likely as both sides are unwilling to escalate matters. As we move forward, security professionals are likely to face dynamic and more evolving security threats worldwide. As leaders have been focusing on recovering from the impact of COVID-19, security concerns related to border conflicts with China and Pakistan, situations of civil unrest, technological risks and consequences of climate change will have its impact besides the non-traditional threats in both the physical and cyber realms. OVERALL BUSINESS CLIMATE FOR 2021 For India, 2020 was a year of multiple reckonings. Between COVID-19, the lockdown and the pandemic’s economic consequences, the standoff in Ladakh, caused by the largest Chinese military mobilisation in memory, farmer protests on the outskirts of the national capital, and even cyclones were crowded out of news cycles. In terms of geopolitical developments, regional tensions are expected to continue. Besides violent clashes between India and China at the Galwan Valley and a border dispute with Nepal, complexities persist with Pakistan. While India had managed to maintain its ties with Nepal, relations with China and Pakistan are likely to remain strained in the same manner. Tensions along both borders will remain top priorities for security establishments, with probability of more clashes along the Line of Actual Control (LAC) and continued cross border infiltration along the Line of Control (LoC). The impact of the 2020 pandemic in India had been highly disruptive as the country had contributed the second highest number of COVID-19 cases. While the market forecasts have predicted a drop of 18.3 percent, the Indian economy shrank…