From deepfake CEO impersonations to AI-enabled malware, businesses face increasingly sophisticated cyber threats in 2026
What’s happening: Cybercriminals are rapidly adopting artificial intelligence to automate and scale their attacks, creating new challenges for businesses in 2026. Small businesses, often operating with limited budgets and facing more vulnerabilities, are particularly at risk.
Why this matters: The integration of AI into cybercrime means attacks are becoming harder to detect and more sophisticated. As companies shift to web-based work environments and remote models, the attack surface expands whilst many organisations leave browsers unprotected, exposing employees to malware and data loss.
Artificial intelligence has become a double-edged sword in the corporate world. Whilst businesses embraced AI-powered tools throughout 2025, cybercriminals were equally quick to weaponise the technology, according to Andrius Buinovskis, cybersecurity expert at NordLayer, a network security platform for business.
Buinovskis explains that 2026 will see even more AI-powered cyber threats alongside persistent risks that continue to challenge business cybersecurity. He outlines four main threats businesses should monitor closely.
AI deepfakes deceive employees
The blurring line between basic and advanced social engineering is making detection and resistance significantly more difficult. Automated deepfake social engineering represents a primary growing concern, enabling cybercriminals to carry out increasingly believable attacks.
“Bad actors could definitely utilise highly believable videos and voice calls to impersonate CEOs, third-party contractors, or other employees to trick staff members into divulging sensitive information, accepting fake invoices, or handing over credentials to infiltrate the network and deploy a larger-scale attack,” Buinovskis says.
AI-enabled malware presents another rising threat. Google recently identified the first instance of Just-in-Time AI malware, a new type that utilises artificial intelligence to dynamically generate malicious code at runtime.
“JIT can generate malicious code dynamically, flying under the radar of traditional antivirus software that relies on static analysis,” says Buinovskis. “Its ability to analyse the target’s system in real time and dynamically generate malicious code tailored to specific vulnerabilities, configurations, or data enables it to deploy highly targeted attacks.”
Ransomware incidents surge globally
According to research by NordStellar, a threat exposure management platform, ransomware incidents increased by 47% as of September 2025 compared to the same period in 2024. The trend will most likely continue into 2026, especially with AI-powered ransomware.
“Like other cybercriminals, ransomware groups are adopting AI and using it to scale their operations by automating the attacks,” Buinovskis says. “We’ve already seen how the rise of the ransomware-as-a-service model lowered the entry barrier for these attacks, allowing even hackers without the proper technical skillset to participate.”
If ransomware groups successfully implement AI and increase their efficiency, they will reap the same profits with fewer human resources, resulting in greater financial gain. This could serve as the catalyst for an even greater ransomware surge in the longer run.
Browser becoming primary target
Malicious browser extensions raised concerns over browser protection in 2025, but they’re not the only browser-related threat. The browser has become a substantial attack surface and the primary target for many dangerous attacks.
“As companies continue to adopt web-based software as a service and abandon the desktop for the web, the cyber risks that are waiting for employees in the browser are becoming increasingly more prominent and common,” says Buinovskis.
Malicious extensions, various phishing pages, and infostealer malware are some of the main threats lurking in the browser, which is becoming the default channel for work-related tasks in many organisations. Despite many organisations shifting to a browser-based working environment, it’s still often left unprotected, exposing more employees to malware, browser-based exploits, and data loss.
Insider threats cost millions
A study found that 83% of organisations reported experiencing at least one insider attack in 2024. Insider threats are complex, and as companies’ attack surfaces constantly expand due to remote or hybrid work models and the introduction of shadow IT and shadow AI, the threat will continue to escalate.
“With so many factors contributing to the complexity of the current cyber environment, it’s becoming increasingly more difficult to ensure high observability into what users are doing and prevent them from bypassing security policies,” says Buinovskis. “As a result, insider activity can go undetected for a significant amount of time, allowing for more devastating cyber incidents.”
The current cybersecurity landscape and constant evolution of threats will ultimately lead to more cybersecurity incidents caused by user error, turning more employees into unintentional insiders.
Buinovskis emphasises that to safeguard against cyber threats looming in 2026, businesses should prioritise building a comprehensive cybersecurity strategy and raising employees’ cybersecurity awareness. He highlights that small businesses, often operating with limited IT budgets and facing more security vulnerabilities, should reassess their cybersecurity policies because they are frequently the primary targets of cybercriminal activity.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
