Matt Rider is Global VP of Customer Technical Support at Exabeam, leading strategy for threat detection, investigation, and response.
He is a veteran IT executive, keynote speaker and author with over 20 years’ experience helping organisations achieve cyber-resilience through leadership roles at Microsoft, Sophos, Rapid7 and now Gartner-recognised leader, Exabeam.
A UK government adviser on cybersecurity policy, Matt is part of the Hackers in the House initiative and a passionate advocate for demystifying and democratising the cyber industry.

Cybersecurity has moved far beyond just being a boardroom concern. In 2026, it is increasingly recognised as a core part of national resilience, public safety and economic stability. Yet for governments, acknowledgement of its importance alone isn’t enough. As digitalisation and AI adoption widen the attack surface, cybersecurity becomes a top priority for governments that hold the responsibility to protect citizens, maintain trust and proactively defend critical national infrastructure.
Governments have long been pinned as attractive targets for threat actors for several reasons. They hold extensive sensitive citizen data, manage complex supply chains and often operate vulnerable legacy systems. At the same time, the sector often faces budgetary constraints and skills shortages, with nearly 50% of public sector organisations lacking the workforce to meet their cybersecurity objectives, according to the World Economic Forum. These conditions create the perfect environment for nation-states to use to their strategic advantage and for cybercriminals to exploit.
Throughout 2026, these ongoing vulnerabilities combined with the evolving threat landscape are set to force a shift to align strategies with ever-changing national resilience requirements.
Here are my predictions for how emerging trends will shape government cybersecurity over the coming year:
- An attempted attack on critical infrastructure will be a wake-up call for new regulations
2026 brings the risk of a near-miss cyber incident as digital touchpoints, from electric vehicle (EV) chargers to medical devices, smart buildings and industrial control systems, continue to expand. With this growing attack surface comes mounting risk. The opportunities this opens for threat actors range from manipulating EV chargers to create sudden surges in the power grid, to exploiting misconfigured hospital equipment, or taking advantage of vulnerabilities in poorly secured Internet of Things (IoT) devices.
For governments, the stakes of such an incident are incredibly high. Even a narrowly avoided attack would expose gaps in regulation, oversight and operational resilience. In that event, we can expect to see new mandatory safety and cybersecurity requirements for connected infrastructure to ensure operational technology (OT) and IoT systems meet robust, enforceable standards. Protecting against critical infrastructure risks would require policymakers to act swiftly to harden defences to withstand more sophisticated and targeted attacks.
- Cyber insurance will tighten requirements for verifiable security
The approach of questionnaire-based cyber insurance is ending in 2026. Insurers, facing rising payouts, will demand audit-level evidence of security measures. This will see multi-factor authentication (MFA), privileged access governance, regular backup testing and AI-agent monitoring all becoming important parts of how organisations demonstrate verifiable cyber hygiene to reduce premiums and qualify for coverage.
With this, governments will be under increased scrutiny to prove robust security practices to both insurers and regulators. Ongoing economic pressures may limit some budgets, yet with rising geopolitical tensions and the growing reliance on digital public services, overall security spending is expected to remain resilient. In practice, the need for strategic government investment in cyber resilience could accelerate adoption of standardised security frameworks and influence procurement requirements for vendors serving the public sector.
- A mass-scale AI cyber incident will test trust in government services
During 2026, it is a growing possibility that we could witness an AI-related cybersecurity incident on a similar scale to the 2020 SolarWinds supply chain attack. The malicious poisoning of datasets, infiltration of supply chains or corruption of fine-tuned AI could cause AI tools to tamper with outputs, disrupt operations or circulate misinformation.
Within the context of the government sector, a successful AI cyber incident could impact critical public services that are essential for everyday life and potentially undermine trust within the government itself. The repercussions of this type of attack would likely accelerate the adoption of mandatory third-party audits, transparency standards and tighter AI governance frameworks, building on regulations like the EU AI Act. What’s vital here is that governments aren’t playing catch-up with AI-enabled threat actors. Instead, proactively preparing for such an event would require governments to move at a quicker pace than emerging AI risks.
- Identity-first security expands beyond users to APIs and AI agents
In 2026, identity-first security will extend to incorporate APIs, machine identities and AI agents. As government entities increasingly utilise automated workflows and assign tasks within AI platforms, each AI agent will require its own individual identity, privileges, and monitoring. Unlike with human users, AI behaviours can be unpredictable. As a result, determining intent, access control and auditing become more complex.
Looking ahead, failure to modernise identity governance could leave critical data vulnerable to unauthorised access, data leaks or AI-enabled attacks. This will lead to the deployment of unified governance frameworks capable of tracking, validating and revoking permissions for human users and AI entities. Embedding identity-first principles into government operations will be instrumental in enabling authorities to maintain visibility and control over emerging AI tools while protecting public services and citizen data.
Tackling the 2026 attack surface
While the future threat landscape remains uncertain, what we can be sure of is that risks will continue to evolve rapidly, requiring governments to continually review and adapt their defence strategies.
Preparing for this and all the risks it brings to critical infrastructure requires government entities to prioritise stronger regulations and adopt comprehensive risk management practices. This is where policy, awareness, and proactive defence will come together to redefine government cybersecurity. The future of effective cybersecurity depends on governments’ ability to move from proposed action to sustained proactive strategy.