Jason Baden
Regional VP, A/NZ, at F5
Cyber security will continue to evolve from a defensive perimeter into a living, adapting system. By 2026, organisations will expect their defences to anticipate and respond to threats in real time, guided by machine learning models that study behaviour rather than static signatures. The focus will move from preventing every possible attack to detecting anomalies quickly and isolating them before they cause harm. Security controls will also become more tightly woven into the fabric of computing. Instead of existing as separate layers or tools, they will be baked in from the ground up. And transparency will be critical. Boards and regulators will demand proof that security decisions are explainable and traceable, not just effective.
2026 will see resilience become the new innovation. Technology investment will be judged less by how ambitious it is and more by how reliable it is. Companies will divert greater effort and resources into strengthening their infrastructure, reducing energy use, and ensuring business continuity through any disruption. The language of growth will shift from “scale at any cost” to “operate with total confidence”. 2026 will see progress measured not only in speed, but in steadiness and the ability to deliver value without interruption.
Vinayak Sreedhar
Country manager ANZ at ManageEngine
2026 will see regulation drive a new wave of convergence across IT and security. As compliance frameworks tighten, particularly around data protection, resilience, and identity management, the traditional divide between IT operations and cyber security will continue to close. Organisations will consolidate tools and teams to improve visibility, strengthen accountability, and simplify processes.
The result will be leaner, better-connected digital environments where governance and security are built into every layer of operations rather than treated as separate functions.
Scott Morris
Managing director for Australia and New Zealand at Infoblox
As cyber threats continue to threaten Australian citizens and critical infrastructure, the government will constantly assess the SOCI Act and the Australian Cyber Security Strategy to look for robust ways to improve legislation. Recent warnings from the Australian Security Intelligence Organisation chief Mike Burgess detailed how nation-state actors are constantly trying to infiltrate critical infrastructure networks – including water supply, energy networks, and telecommunications. However, tighter regulation will likely become a balancing act, weighing up responsibility between critical infrastructure organisations and government-provided services.
Australia will start to adopt preventative measures learnt from geopolitical situations across the globe. For example, the success of using protective DNS to reduce financial cyber crime in Ukraine will encourage Australian organisations to use similar strategies, blocking access to malicious domains, preventing cyber criminals from carrying out their attacks at the infrastructure level. The success of protective DNS in Ukraine highlights its potential as a valuable tool in Australia, as the fight against cyber threats grows.
John Wojcik
Senior threat researcher at Infoblox
The scam ecosystem will continue to be exposed globally, raising new awareness of the many aspects of these crimes, including payment processors, geographic distribution of call centres and connected financial crimes. We should expect to see more law enforcement actions across the world as they come to understand the complexities and find ways to bring enforcement. In late 2025, we have seen both huge financial actions against Chinese actors through the largest cryptocurrency confiscation ever and a fine of $256 million against Canadian processors who were supporting Russian cyber criminal activities.
Australia will follow this path, taking a harder, more tangible stance against cyber criminals. This is already taking shape, with the Australian Federal Police launching the National Security Investigations team to tackle increasing cyber crime.
Peter Lees
Head of solution architecture in Asia-Pacific at SUSE
Resilience begins with freedom of choice. The rise of digital sovereignty regulations, particularly with the precedent that is emerging from the EU, means APAC businesses must carefully and proactively consider how to maintain control over their data and technology platforms from the outset, instead of reacting to being locked in when it’s too late.
On top of the ethical considerations, there is a pragmatic one too: of governance and cost control. Choosing flexible, open options prevents organisations from being locked into enormous migration costs or becoming vulnerable to huge price increases from a single vendor.
Theo Hourmouzis
Senior vice president, ANZ and ASEAN, at Snowflake
As AI model training continues, soon we’ll see a shift from historical data to synthetic data – generated data that mimics real-world information and scenarios. The research bears this out with the synthetic data generation market in Australia alone predicted to grow from just US$4 million in 2023 to US$36.9 million by the end of the decade.
But why synthetic data, and why now?
As organisations ramp up AI/ML model workloads, a data bottleneck is emerging – effectively, a lack of labelled data, privacy restrictions, domain-specific gaps – that is becoming a real constraint on AI strategies. Synthetic data can augment training datasets, anonymise sensitive information and thus accelerate model development.
As a result, enterprises will increasingly generate synthetic copies of real-world datasets, simulate customer journeys, or model various scenarios rather than relying solely on historical data.
Keith Payne
Regional vice president, APAC, at Nintex
We’re going to see managed service providers (MSPs) transition into managed intelligence providers. Or, trusted advisors who help small and medium-sized businesses harness AI and automation to deliver measurable business outcomes. This shift won’t be defined just by tools, but by mindset. MSPs that move beyond system maintenance and embrace data-driven, outcome-based models will lead the next wave of digital transformation across the SMB sector.
MSPs and technology partners will shift from selling products and features to delivering intelligence-led business results. Success will be tied directly to outcomes like cost reduction, performance and efficiency gains, and customer satisfaction, not just system uptime or toolsets. This evolution will drive a new level of transparency and accountability across the industry, where value will be proven through data, not promises.
Srini Gutta
Technical practice director at Adactin
Cyber security will remain a top spending priority in 2026 as organisations respond to escalating threats and new wave of AI-enabled cyber attacks. With attackers adopting AI tools to automate reconnaissance, craft highly targeted phishing campaigns and probe systems at scale, defensive teams will be under renewed pressure to modernise their security posture.
Security budgets are likely to grow as organisations deploy AI-enhanced detection systems, automated response frameworks and more sophisticated identity controls. The regulatory environment, particularly in sectors that handle sensitive citizen data, will further accelerate investment, reinforcing cyber security as a board-level issue rather than an operational line item.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.