G DATA IT Security Outlook: Robust cyber defense requires modern technology and awareness training
According to the assessment of the security experts at G DATA CyberDefense, 2026 will be shaped by the misuse of artificial intelligence, a shortage of skilled professionals, and growing pressure for digital sovereignty. The current IT Security Outlook shows that AI is rewriting malicious code and that the number of attacks on companies by their own employees is rising. The good news: the share of ransom payments is declining because companies are becoming more resilient and have functioning backups.
The IT security situation will remain tense next year as well. In G DATA CyberDefense’s view, cybercriminals will increasingly use AI tools to rewrite code from one programming language into another. As a result, the number of malware strains created in Rust, for example, will rise. In this way, they conceal malicious software from signature-based detection methods. Protecting against such attacks requires security systems that take a behavior-based approach. It is also striking that the amount of “faulty” malware is currently increasing sharply, because inexperienced or unskilled malware authors are using AI-generated code without checking the results.
“Artificial intelligence drastically lowers the barrier to entry for cybercriminals. In particular, people with little technical understanding and high criminal energy are entering the market right now. They are causing considerable damage,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense AG.
“Effective cyber defense requires continuous monitoring of the infrastructure by knowledgeable and experienced staff in order to detect a compromise early.”
Insiders as a renewed threat
In 2026, an increase in insider incidents by dissatisfied or overburdened employees is to be expected. Current cases show that employees with many years of service in particular may harm their former employer after being dismissed. The motives for this behavior are usually frustration, generational conflicts, and a lack of further training opportunities. Due to constant new developments and changing “best practices,” some administrators find it difficult to keep up and to move away from long-established but outdated practices. The resulting dynamics carry the potential for conflicts, resentments, and tensions that are hard to resolve.
Digital sovereignty and regulatory complexity
The path taken this year to strengthen European digital sovereignty will continue in 2026. The primary driver of this development remains the persistently difficult geopolitical situation, which confronts companies and government organizations with the question of how they can reduce dependence on non-European technologies. In this context, it can be assumed that the trend toward more IT outsourcing will intensify. Decision-makers will give preference to European solutions.
“The desire for digital independence is great, but the structural prerequisites are lacking,” says Tim Berghoff.
“We must understand IT security as a task for society as a whole and implement nationwide measures to put current requirements into practice quickly. Cybercriminals won’t wait for us to shore up our defenses.”
Closing the skills gap in the long term
Despite rising security requirements, a decline in open IT positions can currently be observed. One reason for this development is the current economic uncertainty. One approach to closing the existing personnel gap in the long term is to increase training of IT security specialists. A standalone apprenticeship for a ‘Specialist IT Security Technician’ could also help reduce the shortage of personnel. Corresponding projects have already been launched.
Further IT security trends that decision-makers should be aware of:
- Social engineering via search engines: Using AI, cybercriminals recreate websites and place their fake pages ahead of the real websites in Google results through SEO poisoning. Users unknowingly download malware from a supposedly trustworthy source.
- Attackers are speeding up: The time between initial access and encryption is shrinking from months to two to three weeks. One reason is improved defensive behavior. Companies detect attack attempts earlier and initiate appropriate countermeasures.
- Rising resilience, less profit: The number of ransom payments will continue to fall because more companies have functioning backups and can restore encrypted data.
Conclusion: Fighting hackers with technology and awareness
In the coming months, attacks will become more dynamic as cybercriminals quickly adopt new technologies and refine their methods. However, companies are also becoming more capable of learning and more robust. To avoid falling behind in the race against perpetrators, companies and government organizations must deploy modern solutions as well as skilled professionals with the necessary expertise.