S36 Ep14: Emerging Threats 2026

Today, Steve looks toward the horizon, at the threats and challenges that enterprises and business leaders will face in 2026 and beyond. He also gives advice on how everyone, from the board to the practitioner, can meet these challenges, and answers some of the questions he’s received this year.  Key Takeaways: Steve’s four key drivers of cyber risk heading into 2026 are AI, supply chain, quantum, and geopolitical instability. Crucial to cyber resilience are strong governance and a security-conscious culture. Adaptive governance and adaptive security are keys to managing the challenges of 2026 and beyond.  Tune in to hear more about: Steve’s four key drivers of cyber risk heading into 2026 (2:23) Questions to ask, whether you’re a board member, an executive, or practitioner (16:14) The changing role of the board (18:54) Standout Quotes: “ Resilience really needs an organizational wide holistic approach that takes technology, it takes governance, it takes operational readiness, and really importantly, it takes people into account.” - Steve Durbin “I think boards need to really take it upon themselves to absolutely recognize that cyber risk is a national risk. It is a business ending risk, and they need to ensure that they don't just have incident response and resilience in place, but that they also have a tried and tested plan, so this is good old fashioned BCP — business continuity planning — with a cyber flavor.” - Steve Durbin “Cyber risk reporting has to be business outcome oriented. Boards, business executives understand revenue, operations, customer impact, legal exposure. That's the way we have to be reporting cyber risk. It's not about how many attacks we repelled, it's not about how good our systems might be. You need to translate it into business language. If you can do that, not only will you get buy-in, but you'll also have a much richer conversation about the role that cyber and therefore cybersecurity and cyber resilience play in the business.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In the second part of his interview with journalist Nick Witchell, Steve and Nick delve into the world of AI and cyber. Steve shares his thoughts on autonomous cyber defense and argues that major actors like the ISF, large private enterprises, and the UK’s National Cyber Security Centre, must lead the way and support small and medium-sized businesses in keeping pace with technological advancements. The two also discuss the future of AI, cautioning that we aren’t as prepared as we need to be… Key Takeaways: Small and medium-sized businesses must receive support to stay up-to-date with new technologies. As more automation is introduced into business operations, understanding of one’s crown jewels and how to protect them is increasingly important. AI is advancing rapidly with evermore funding, and globally society is not preparing as well as it needs to for what’s to come.  Tune in to hear more about: Steve’s view on autonomous cyber defense (00:55) The National Cyber Security Centre and its role in the cyber resilience of UK businesses (3:36) How AI will impact jobs in cyber (7:55) Standout Quotes: “You'll never get me going into an autonomous car. I just won't do it. And people will say, ‘Yes, they're being looked after by some bloke in a tower somewhere who's watching it.” I'm not buying it. I've been working in technology for far too long to know that it is fallible. And so I think we have to really move toward much more transparency in our understanding of where the AI tool is active, the data that it's using, the decisions it's making.” - Steve Durbin “We are looking for large private enterprise to be working collaboratively with people like the NCSC, with people like the ISF, to really help some of these smaller organizations that don't have the luxury or resources available to them to keep a pace with [technology].” - Steve Durbin “If you go back to the internet, we didn't do a good enough job of trying to forecast the way in which the internet was going to be used. We put it out there and we said, ‘Let everybody use it and let's see where it goes.” We are doing, I fear, a similar kind of thing with AI.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with journalist Nick Witchell for a conversation focused on what business leaders can learn from this year's major cyber attacks and the recent AWS outage. The two also discuss cyber regulations and the challenge of operating global enterprise during significant geopolitical turmoil. Key Takeaways: Boards and senior executives understand there is a threat, but many still lack knowledge of how to deal with it.  We are too reliant on technology; for the sake of business continuity, a backup plan must be in place.  High-quality simulation exercises are a crucial step toward more cyber resilience. Tune in to hear more about: The role of policy and regulation (3:17) Why cyber simulation exercises are so important (5:45) Steve’s thoughts on the recent AWS outage (7:54) Standout Quotes: “Now, in the boardroom itself, in companies themselves, we have seen over the past few years an increasing awareness of the threat that these kinds of things can bring to really the future of an organization. But the challenge I think we now face is really helping boards, senior executives to transition from, yes, I get there's a threat, but what should I actually be doing about it?” - Steve Durbin “I think that in the main, cloud service providers are still probably far better equipped to provide the level of service that most companies need than you'd be able to do yourself. However, we do need to take into account that things will go wrong. And we have to plan for that. So if you are an organization that can quite happily exist without access to data in a cloud provider, it doesn't have to be Amazon, it could be anybody else, then fine. I would question why you're using them in that case. If on the other hand, you are dependent on them, you have to have some backup in place.” - Steve Durbin “All too often I'm seeing people particularly in the area of, say, cyber simulation exercises, because they're viewing it as a compliance exercise, going for least cost. That to me is a bit like saying I've just moved into an area where I know the burglary rate is quite high. What's the cheapest lock and door that I can get on my front door? It's madness. Not many of us would do it. We would try to work within our budget. We'd try to really figure out how important things were in our house. That's the mentality we have to adopt. So yes, you can get some of these things done very cheaply and you can tick a box, but it's not going to help you when things go wrong.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s special episode features Steve’s recent Business Matters broadcast interview with Juliette Foster, featuring conversation about critical cybersecurity challenges facing organizations today. Steve and Juliette discuss targeted phishing, the growing threat of Crime-as-a-Service, the increase in AI-driven cybercrime, and more.  Key Takeaways: Cyber attacks will continue to increase, and businesses must adjust. Regulators must strike a balance to have clear guidelines without stifling businesses. To take advantage of new technologies like AI, businesses must invest in upskilling their employees.  Tune in to hear more about: Why cyber crime is on the rise (2:17) How cyber criminals target their victims (4:00) Solving the cyber skills shortage (29:02) Standout Quotes: “The bad guys only need to get lucky once and they can cause havoc. And so the sorts of numbers you are seeing are them plugging away at it, trying to break down defenses, trying to find a way through. And on the defensive side, of course, we have to be at the top of our game 24/7, and that's just impossible.” - Steve Durbin “We also have very complex supply chains now that obviously are made up of small to mid-size companies. [...] So an easier way of accessing some of this high value information is often via the third party. So you don't necessarily need to be attacking the larger enterprise. You can target a smaller to mid-size, which probably doesn't have the same level of defense, maybe not the same level of awareness. And because it's in the supply chain and sharing information, you can then access through to the larger enterprise.” Steve Durbin “You have to invest in actually looking at the skill sets that you need within your organization and making some hard calls, I think, as to whether or not you do have the right capabilities within your organization. That doesn't necessarily mean that you have to get rid of a lot of people. It means you probably do need to invest significantly in upskilling and training and thinking very hard about how you're going to use some of that new technology.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Dr. Tunisha Singleton, Director of Clinical and Sport Psychology Services at University of Arizona and a leading expert in how media, technology, and culture shape the human experience. Dr. Singleton highlights that authenticity and humanity still matter despite all the technology around us, and the two discuss how business leaders can navigate an online presence where almost anything you post can be turned against you. Key Takeaways: Social media is a tool that can be used for good. Authenticity is key for brand-building online. Posting without purpose is worse than not posting at all. Tune in to hear more about: Dr. Singleton’s background (1:21) How to grow your brand authentically (10:22) The risks of posting too much online (15:44) Standout Quotes: “At a certain point we all just have to come to grips with, we are in charge of our behaviors. We have authority, we have much more agency than we give ourselves credit for. The tech is there. But if we use it, that's up to us. How we rely on it is up to us. Are we only using Chat GPT now? So there's a bit of authority that we still have to appoint ourselves.” - Dr. Tunisha Singleton “If technology is the car, then let story be the driver behind the wheel. There has to be a point in this. Where are we going? That means what are you offering? What are you giving me that can be a utility to my life, my human experience, rather than a replacement?” - Dr. Tunisha Singleton  ”If we want to stick out and if we want to build our brand, then shouldn't we have the use the one thing that's different than everybody else, that's our voice. So why would we want to act like everybody else? If our goal is to stand out, then be an individual.” - Dr. Tunisha Singleton Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Maria Ross keynote Speaker and Award-winning journalist welcomes Steve Durbin at the Empathy Podcast for a compelling discussion on the intersection of empathy and leadership. Managers focus on tasks, leaders empower people. Curiosity is the defining trait of an empathetic leader, the ability to set aside ego and truly listen.

Today, Steve is in conversation with Catherine Bosley, an award-winning veteran journalist, with more than thirty years of public speaking experience. Steve and Catherine discuss the importance of protecting one’s online image, what to do when *it* hits the fan, and why a social media policy is something all organizations should have. Catherine also offers a reminder: pause before you post… Key Takeaways: Think before you post! It will save you a whole lot of headache. What you put online never goes away. Today, offline events can impact your online persona, so be aware of how you appear in public. Tune in to hear more about: How to shine online (4:07) How to deal with negative publicity online (11:19) Being online in the age of AI and deepfakes (19:03) Standout Quotes: “These days, that online image or online presence is so important. It almost is more important than a resume or a portfolio.” - Catherine Bosley “My first step with a response is to ignore the negative because the more you respond to the negative, especially in a defensive negative way, the more you're going to fuel that fire and the more it's going to catch on and become part of your forever and for all to see.” - Catherine Bosley “Understand that people are watching and people especially are looking for those social media gold moments, and if they capture you having one of those ‘what was I thinking?’ moments, because we all have them. We're all human. We all make mistakes. Then you just don't know what that's going to do to your world on the personal side or on the professional side." - Catherine Bosley Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Dr. Amy Athey, founder of Athey Performance. Her mission is to make the tools of elite performance accessible and human. Amy is a nationally recognized performance psychologist and executive coach with more than two decades of experience working with NCAA champions, Olympians, Navy SEALs, Fortune 500 leaders, and individuals navigating complex lives. She shares how business leaders can help their teams feel more connected to their organization’s purpose and talks about what drives high-achievers. Steve and Amy also discuss stress in the cybersecurity industry and why rest is absolutely crucial for success.  Key Takeaways: Leaders can address rising anxiety, burnout, and disconnection across all levels of their organization by fostering empathy, trust, and a stronger sense of shared purpose. Work with elite athletes and special forces has taught Athey that in high stress environments, recovery and rest are as essential to peak performance as hard work. Prioritize foundational wellness habits — consistent sleep, movement, hydration, and play — for sustainable performance and resilience. Tune in to hear more about: Impact of the grind (2:56) Technology and human disconnect (6:29) Keeping it simple (22:17) Standout Quotes: “What we came to learn and implement and certainly we've seen the results for, is that role of recovery is just as crucial as the tactics or the strategies you're using to solve that problem, the rehearsal and maybe it's the communication or in that performance domain, what you are drilling all the time to be able to execute.” - Amy Athey “And even to the extent that situation permits, how can you take a step away, even turn your back on your computer, even if it's for 90 seconds? Close your eyes and take three deep breaths. We've seen the return of energy stores just from that disconnection in that moment. So when you're sympathetically engaged, basically you're in that fight or flight response, you're trying to solve that problem.” - Amy Athey “And so keeping it simple with each of those. If people wanna take deep dives, certainly I could share the value of that. But some of the culture around hacking and like the quick fixes, that's what I will push up against until I'm blue in the face. Building in wellness as a foundation for performance isn't about a quick fix, if we could do just 80% of this, like how can you reduce some of the processed foods in your diet? How can you make sure you're hydrating? Movement. Then that active recovery..” - Amy Athey Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with psychologist Dr. Glen Moriarty, founder and CEO of Seven Cups, a free emotional support service with 570,000 trained volunteer listeners who support users in 189 countries. Steve and Glen explore the origins of Seven Cups, its background and its global user base, and discuss why so many feel alone in a hyper-connected online world. Glen also explains the nature of the gift economy and how we can avoid getting addicted to technology. Key Takeaways: Even as more things move online, human interaction remains important. Technology can be good and bad, it depends on how it’s designed. The mental health care system needs better triaging so that people get the right help. Tune in to hear more about: How and why Seven Cups began (1:58) Technology addiction (4:59) Whether Seven Cups is replacing humans with computers when it comes to mental health (9:54) Standout Quotes: “Technology can be used for good or bad. And so the internet can be a source of amazing compassion and love. But it has to be deliberately designed that way. It won't happen by accident.” - Glen Moriarty “Certainly there are cultural differences and different pushes and pulls, but humans we're a lot similar. The way we read emotions are universal, so it doesn't matter where you live. The emotional expression is similar. Human societies are pretty similar. Relationships are similar. There's different assumptions about I'm part of more collective society, or I'm part of a more individualistic society, but by and large, people generally struggle with feelings of sadness, feelings of worry, fear, and relationship difficulties.” - Glen Moriarty “Therapists should be seeing people that can't be helped by a volunteer or a family member or a friend. They should be helping people that are in higher levels or more complex levels of distress. And so in the States, part of the challenge is that you can think about it like a pyramid or a triangle. They're at the very top and it's all clogged up there. But if we could take some of the folks that can get help for free or low cost to other folks, then that opens up the channels for more people that really need help to get help by those expert professionals.” - Glen Moriarty Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with leadership coach Dr. Sam Adeyemi. Sam is an expert in leadership who has coached C-suite executives for over two decades. Together, Steve and Sam explore the essence of who is a leader, and Sam explains why people should always be the first priority of a leader. They also discuss AI and how it will impact people and business in the coming years.  Key Takeaways: Leadership is about your ability to influence, not the position you hold. Technology has changed the nature of leading. AI will change how we work by taking over routine tasks and giving humans more time for creative challenges.  Tune in to hear more about: How leadership differs across cultures (4:28) How technology is changing leadership (8:47) How AI will change how we work (14:27) Standout Quotes: “We still need to leave those spaces where we actually ask, how are you doing, to be sure the parts of their lives that are important are going well. Because those parts actually influence what they do on the job.” - Dr. Sam Adeyemi “It’s like when computers first came. They made things work faster. When I was doing mathematics in high school, we used to use log tables and things like that. It was much slower getting to work through the calculations. But with calculators these days and so on, it’s faster. AI is going to create an even bigger shift than that. The computers did not take all the jobs away. However, they changed the way that we do our work. So we humans, therefore, need to move more towards creativity, and that is tied more to our uniqueness, the unique way our minds work.” - Dr. Sam Adeyemi “A lot of C-suite leaders find it difficult to reinvent, and it’s one of the major reasons why people get stranded, why leaders just stagnate. Change is inevitable. It happens, the world doesn’t remain the same. The conditions that facilitated our achievement of success, those conditions have changed. The context has changed. So for us to sustain our success, for us to remain relevant, for example, we also have just got to change.” Dr. Sam Adeyemi Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.