Time to patch and remediate will lengthen due to unsupported OT, obsolete IoT and lack of oversight

December 2024 by Richard Ford, CTO at Integrity360

Organisations are still taking a long time to address vulnerabilities. Over the course of 2024, our research found that the average time taken to eradicate a critical vulnerability was 97 days, while low-impact vulnerabilities took 146 days; throughout that window the issue remains actively exploitable. Best-practice advice is for critical vulnerabilities to be closed within 7 to 30 days, depending on impact, which reveals just how exposed these organisations are.

Unfortunately, the failure to patch is a trend that is set to continue. There remains a preoccupation with deploying the latest and greatest technology rather than addressing the basics of good cyber hygiene. Until we address the root of these issues, namely system configuration, patch management, and vulnerability and exposure management, these average resolution times will creep up, allowing these vulnerabilities to be exploited.
One means of doing this is to operate vulnerability management as part of a wider exposure management programme. This ensures the organisation is able to defend against individual vulnerabilities and threats as well as multi-stage attacks. Continuous Threat Exposure Management (CTEM) is a process that can be implemented to build an understanding of the environment: what matters, what is being actively exploited in the wild, what sits on the critical attack path, and which exposures should be prioritised for remediation.

Tardy patching and remediation can be due to a number of factors. A vulnerability might span numerous systems, and security provision seldom extends to operational technology (OT) systems, where responsibility falls well outside of IT. It could affect systems that are in high demand and need to run 24x7, for which downtime is complex and costly. IoT systems present their own challenges: they are often no longer supported because the vendor has gone out of business or withdrawn support, or they are simply not known about in the environment. Or applications might sit on end-user devices that get missed on patching cycles, or which patch tools do not have the reach to update, an issue that is particularly true for third-party applications.
Our research further found that Java was the most frequently unpatched software, followed by Zoom, Microsoft, Microsoft Office and Google Chrome. The range of software, applications and environments now involved makes it imperative that organisations seek to gain visibility over the information estate and to manage their total threat exposure.
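The prioritisation the CTEM paragraph above describes (severity, active exploitation in the wild, position on the critical attack path, and how long a finding has been open against its remediation target) can be turned into a triage queue. The following is an added illustration written for this page, not code from the article or from Integrity360. The only figure taken from the article is the 7-day lower bound of the critical remediation window; the other SLA values, the scoring weights, the asset names and the finding identifiers are assumed placeholders constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# Remediation targets in days, by severity. The critical value follows the
# lower bound of the 7-30 day best-practice window the article cites; the
# other three values are assumed placeholders, not figures from the article.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}

# Base weight per severity (assumed weights, chosen for illustration).
SEVERITY_WEIGHT = {"critical": 10.0, "high": 7.0, "medium": 4.0, "low": 1.0}


@dataclass(frozen=True)
class Finding:
    vuln_id: str            # constructed placeholder, not a real CVE identifier
    asset: str              # constructed asset name
    severity: str           # critical / high / medium / low
    discovered: date        # date the scanner first reported the finding
    exploited_in_wild: bool # known active exploitation (e.g. from threat intel)
    on_attack_path: bool    # asset lies on a critical path to key systems
    asset_criticality: int  # 1 (low) .. 5 (business-critical)


def days_open(f: Finding, today: date) -> int:
    """Number of days the finding has been open as of `today`."""
    return (today - f.discovered).days


def is_sla_breached(f: Finding, today: date) -> bool:
    """True when the finding has been open longer than its severity's target."""
    return days_open(f, today) > SLA_DAYS[f.severity]


def priority_score(f: Finding, today: date) -> float:
    """Combine severity, exploitation, attack path, asset value and age.

    Age is expressed as the fraction of the SLA already consumed, capped at
    2.0 so that a very old low-severity finding cannot outrank a fresh
    critical one on age alone.
    """
    score = SEVERITY_WEIGHT[f.severity]
    if f.exploited_in_wild:
        score *= 2.0          # actively exploited findings jump the queue
    if f.on_attack_path:
        score *= 1.5          # choke points on the attack path matter more
    score *= 1.0 + f.asset_criticality / 5.0
    age_pressure = min(days_open(f, today) / SLA_DAYS[f.severity], 2.0)
    score *= 1.0 + age_pressure
    return round(score, 2)


def triage(findings: list[Finding], today: date) -> list[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: priority_score(f, today), reverse=True)


def sla_report(findings: list[Finding], today: date) -> dict[str, list[str]]:
    """Split finding ids into those past their remediation target and those within it."""
    breached = [f.vuln_id for f in findings if is_sla_breached(f, today)]
    within = [f.vuln_id for f in findings if not is_sla_breached(f, today)]
    return {"breached": breached, "within_sla": within}


# Constructed sample data. The 97- and 146-day ages mirror the averages the
# article reports; everything else is made up for the example.
TODAY = date(2024, 12, 1)
SAMPLE_FINDINGS = [
    Finding("V-0001", "erp-db-01", "critical", date(2024, 8, 26), True, True, 5),
    Finding("V-0002", "hr-laptop-17", "low", date(2024, 7, 8), False, False, 2),
    Finding("V-0003", "vpn-gw-01", "high", date(2024, 11, 20), True, False, 4),
    Finding("V-0004", "build-agent-03", "critical", date(2024, 11, 29), False, False, 3),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_FINDINGS, TODAY):
        flag = "SLA BREACHED" if is_sla_breached(f, TODAY) else "within SLA"
        print(f"{f.vuln_id} {f.asset:15} {f.severity:8} "
              f"{days_open(f, TODAY):4}d  score={priority_score(f, TODAY):7.2f}  {flag}")
```

Note the ordering the sample produces: the 11-day-old high-severity finding on the VPN gateway, which is being exploited in the wild, ranks above the 2-day-old critical finding on a build agent that is not. That is the point of folding threat intelligence and asset context into the queue rather than sorting on CVSS alone; the 146-day-old low-severity laptop finding is still flagged as past its target so it is not forgotten, but it does not displace the others.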

XDR will come into its own as a viable alternative to SIEM
The definition of Extended Detection and Response (XDR) will finally be nailed down as the market reaches a consensus on the concept, boosting acceptance and uptake. XDR collects data and activity from across the tech stack to enable more rapid investigation, threat hunting and response using AI. Various vendors have claimed to have XDR capabilities, muddying the waters and confusing the market. The market is now stabilising, with SIEM providers building out or acquiring XDR capability to add to their log analytics or security operations platforms, and endpoint providers doing the inverse and adding log analytics to their XDR portfolio.
XDR taps into the demand for a solution that oversees the full lifecycle of operations, from security protection to detection and response, and the need to validate and address that using joined-up thinking. It will ride the wave of AI adoption and could well supplant the Security Information and Event Management (SIEM) platform. While SIEM has been a stalwart in the cybersecurity armoury, it is an expensive, gesture-focused platform that has to be managed and given specific rulesets. In contrast, XDR is measurable, predictable and usually costed based on assets, so it is more autonomous, more dextrous and delivers more value.
By the end of the year and into 2026, we expect SIEM to become a niche product used only by mature large enterprises which need custom log analytics and retention. The vast majority of organisations will look to XDR platforms to provide them with log analytics, storage and coverage across the entire IT estate, providing a joined-up endpoint, identity, cloud and network detection and response capability. XDR will become the single tool to rule them all, via a platform that is able to monitor, protect and respond to threats that are active in any part of the environment.

Quantum computing set to become a reality and threaten encryption
Quantum may seem light years away, and quite the leap, but it is a major issue that businesses need to begin to plan for and address. Q-Day, when quantum computing advances to the point that it can break the encryption methods safeguarding our data, will throw the cybersecurity sector into a state of flux because of our dependency on encryption. Cryptography has been the predominant means of protecting data assets for decades, but under quantum computing, encryption will become relatively trivial to crack, effectively putting techniques such as brute forcing on steroids.
Quantum-resistant encryption techniques have been developed, but the transition will be complex and costly. Encryption is deeply embedded in many software applications, making it difficult to swap out; it may also require hardware to be upgraded and communication protocols to be updated. Much as a series of vulnerabilities in SSL drove the rapid migration to more secure versions and then to TLS, quantum will force a sea change, and the transition will be costly and complex. We can expect to be living in a heightened state of vulnerability for some years.
Under quantum computing, encrypted information could be decrypted very quickly, which means that any data that has already been stolen by organised criminal gangs or nation states would immediately become accessible, enabling it to be monetised or exploited. Organisations will undoubtedly begin to panic over how they are going to deal with these issues, leading to a gold rush for vendors into 2026. Businesses can avoid this by transition planning and preparing to adopt quantum-safe algorithms as identified by NIST, which has thus far named three post-quantum encryption standards.

Cloud security and vulnerability management evolve with CNAPP and CTEM
Much of cloud migration thus far has taken a 'lift and shift' approach, as organisations moved their data wholesale into the Cloud, but transformation efforts have since seen those applications superseded by native offerings. Interest is now peaking in Cloud Native Application Protection Platform (CNAPP) technology, which is specifically designed to secure cloud-native environments.
Cloud entrenchment will also see the make-up of security teams change. Whether it is a large enterprise with a dedicated Cloud security team, or a cloud security subject-matter expert within a security team, the importance of these teams and their prominence in the business will grow. These Cloud security functions will begin to take the lion's share of the security budget, relegating traditional cyber security to the minor league. Such is the importance of the technology that Cloud security will become a base skill for everyone working in security or looking to move into the field.
With respect to vulnerability management, the technology now exists to make the process of Continuous Threat Exposure Management (CTEM) a reality, facilitating widespread adoption. CTEM allows the business to continuously identify, monitor and mitigate exposures efficiently by targeting choke points on the network. It is set to replace basic vulnerability management practices and will dramatically improve security asset management by driving down the time taken to identify critical and high-risk vulnerabilities, which currently make up 78% of those residing on networks according to our research. In the future, CTEM will be defined within the management process and used to manage vulnerability and risk in combination.

The human element will continue to be our greatest weakness but also our greatest strength
The divide between man and machine has never been smaller. We have seen this lead to the emergence of deepfakes, which are relatively trivial to create and can fool users into thinking they are interacting with real human beings. As AI technology continues to improve, it is going to become even harder to discern what is real from what is fake. We can expect phishing scams and authorised push payment fraud to become more sophisticated, for instance, necessitating better security awareness training to build a culture of vigilance. Employees need to become the first line of defence, transforming them into active participants in safeguarding the organisation against evolving threats, while more advanced detection technologies help to look for such incidents.
The extent to which a cyber security culture is embedded within the organisation will depend upon effective leadership. As a sector we still need to refine the way in which we communicate cyber security risks and strategies at board level, and how we translate technical challenges into relatable business impacts. If we get that right, it will become easier to secure the executive buy-in that results in meaningful action.
