AI, quantum computing and the end of passwords are among the top trends set to impact cybersecurity in the year ahead, according to Garith Peck, Managing Executive of Cybersecurity at BCX, and Chris Bester, Consultant: Cybersecurity Management & Governance at BCX.

“At the end of every year, I like to look at what’s coming next, because in cybersecurity, if you wait to react, you’re already behind. In the past few years, many of the top analysts’ predictions have come true, such as the rise of passkeys, AI-generated phishing, deepfake scams and the growing panic about securing AI itself,” says Peck. “The pace of change has been relentless. Looking ahead at what’s in store for us in 2026 and beyond, we see some exciting trends, some terrifying ones, and some that may make you want to throw your laptop out of the window and move into a cabin in the woods.”

Passwords to passkeys and the end of password fatigue

Peck says: “Passwords have been guessed, reused, written on sticky notes and leaked in more breaches than we can count. So, the industry is moving on.”

He notes that passkeys using public key cryptography, asymmetric encryption, and biometric verification provide a more secure authentication method than passwords.

“Passkeys built on FIDO2 standards are gaining a lot of traction, and we are already seeing millions in use. This isn’t just a tech trend – it’s a trust-shift,” he adds.

However, says Bester, the biggest challenge in taking the leap from passwords is fear of change. “People are used to passwords and it’s a difficult shift for them. They don’t understand that a passwordless environment will be better. From a corporate perspective, you can lay down the law, but user behaviour is the challenge that has to be changed,” he says.

Peck agrees: “It’s not the technology that’s the problem – changing old habits is hard. But once people experience the bliss of not having to remember passwords, things will change.”

Generative AI and the new cyber arms race

Another key trend impacting cybersecurity next year is the impact of AI, they say.

Peck says: “We are already seeing flawless AI-generated phishing mails that are personalised and use perfect grammar. Gone are the days when you could spot an attack because the ‘Nigerian Prince’ couldn’t spell. AI can now automate reconnaissance, scan for vulnerabilities and write exploit code, so it’s an arms race between good AI and bad AI.”

Bester sees defenders keeping up through ongoing education and learning. “I’ve been in this game for 40 years and I still learn every day. There are constant changes to take into account. You have to think like a criminal and remember that, on the other end of the scale, the perpetrator is using AI to target individuals,” he says.

Peck believes: “The future of cyberdefence is humans and AI working side by side.”

Deepfakes and the trust crisis

Peck and Bester say another key trend in cybersecurity in the year ahead is deepfake technology.

Peck says: “Deepfakes used to be fun – people putting their faces on movie clips – but it has rapidly become dangerous. We are seeing deepfakes being used to impersonate executives in calls, instructing staff to make money transfers, for example. We also see fake political robot calls telling voters to stay home, or may even see fake videos deciding court cases. It’s no longer just a cybersecurity issue – it’s a societal one. When we can’t trust what we see or hear, verification becomes everything. Individuals have to become extra skeptical.”

Seeing is no longer believing, Bester agrees. “You have to be able to verify everything that comes across your desk, and it’s a challenge. Deepfake is so realistic that, even to the trained eye, it is difficult to discern what is real and what isn’t.”

Governance habits and frameworks have to evolve, because from an AI perspective, our governance frameworks are lagging significantly. “Governments and corporations need to catch up,” Bester says.

Guarding the AI guard dogs

Another challenge in cybersecurity is securing AI itself, they note.

Peck says: “While AI plays an increasingly important role in security and day-to-day corporate operations, we have to guard the guard dogs. Organisations must take control of shadow AI – it’s the new shadow IT, except now it learns, adapts and potentially leaks your trade secrets.”

“Organisations shouldn’t attempt to ban AI altogether, but rather embrace AI responsibly,” Bester advises. “Put the guardrails up and make sure that, whatever shadow AI is in use, it isn’t weaponised. If you create controlled AI playgrounds, AI can be very beneficial for organisations.”

The key to secure AI is visibility and proper controls, they say.

The cryptographic countdown to quantum computing

Describing quantum computing as the tech world’s ‘ticking clock’, Peck says: “There are already some examples of quantum computing but when it becomes mainstream, it will likely break most of today’s encryption faster than you can say RSA. Attackers are already harvesting encrypted data today, waiting for quantum computing to mature so that they can decrypt it later.”

Bester adds: “Not many people know about this ‘harvest now, decrypt later’ risk, and now is the time to prepare.”

The human factor

The human factor remains a critical one in a machine learning and AI future, they emphasise.

Peck says: “As powerful as these technologies are, cybersecurity always depends on human judgment. Technology can predict, analyse and react, but it can’t fully understand intent, ethics and trust. Organisations that win in the next era will be those that combine AI’s efficiency with human empathy and discipline, because AI learns patterns but only people understand consequences.”

“2025 won’t be defined by one breakthrough or threat – it will probably be defined by the convergence of AI, quantum and human behaviour intersecting faster than we can legislate. Our challenge and opportunity will be to lead responsibly and to use technology to defend not just systems, but also to defend trust,” he concludes.

Garith Peck and Chris Bester discussed cybersecurity trends during a Cybersecurity Awareness month podcast hosted by BCX. To listen to the full podcast on BCX Connects, go to https://www.bcx.co.za/bcx-connects/