Security Trends 2026: IPA Top 10 Threats and Gartner Outlook
Drawing on IPA's "Information Security 10 Major Threats 2026" and Gartner's 2026 cybersecurity trends published in early 2026, we summarize what small and mid-sized businesses should focus on now. The common keywords are ransomware, supply chain, and AI. This is our summary based on each organization's public information, with sources listed at the end.
IPA "Information Security 10 Major Threats 2026" (Organizations)
IPA (Information-technology Promotion Agency, Japan) published the list on January 29, 2026; the ranking was decided by a selection committee of about 250 members. The ranking for organizations:
1. Ransomware attack damage (1st for the 4th year running)
2. Attacks targeting supply chains and subcontractors
3. Cybersecurity risks related to AI usage (first-time entry)
4. Attacks exploiting system vulnerabilities
5. Targeted attacks after confidential information
6. Cyberattacks driven by geopolitical risk (incl. information warfare)
7. Information leakage from internal fraud
8. Attacks targeting remote-work environments and systems
9. DDoS (Distributed Denial of Service) attacks
10. Business email compromise (BEC)
Ransomware and supply-chain attacks remain at the top, and the notable change this year is that "cybersecurity risks related to AI usage" entered the list for the first time, at 3rd — covering leakage from insufficient AI understanding, over-reliance on AI output, and attackers misusing AI.
Gartner's trends for 2026
On February 5, 2026, Gartner announced its top cybersecurity trends for 2026 (global security spending is projected at about $244.2B in 2026). The six key points:
- Agentic AI demands cybersecurity oversight: proliferating AI agents create new attack surfaces
- Regulatory volatility drives cyber resilience: boards and executives held accountable
- Post-quantum cryptography moves into action: guard against "harvest now, decrypt later"
- IAM adapts to AI agents: authorization and governance for machine actors
- AI-enabled SOCs emerge: efficiency gains alongside new complexity
- Supply chain and third-party risk: managing suppliers and external AI dependencies
What SMBs should do first
The recurring themes are ransomware, supply chain, AI, and authentication. From our perspective, here are the highest-priority moves and related explainers.
Ransomware & intrusion defense
Immutable backups, EDR, least privilege, and a Zero Trust mindset to limit damage.
Identity & MFA
The foundation against impersonation and unauthorized logins — strengthen with SSO and MFA.
Rules for generative AI
For the newly listed "AI-usage risk," use input rules and business-grade AI to adopt it safely.
SASE & rethinking the perimeter
In the cloud and remote-work era, apply the same controls no matter where access comes from.
Sources
- IPA "Information Security 10 Major Threats 2026" (published Jan 29, 2026), IPA official page
- Gartner "Top Cybersecurity Trends for 2026" (announced Feb 5, 2026), Gartner press release
* This article is our summary based on the public information above. Please refer to each organization's official information for the full details.
Frequently Asked Questions
- Q: What is the newly added threat in IPA's Top 10 Threats 2026?
  "Cybersecurity risks related to AI usage" was selected for the first time, ranking 3rd for organizations. It covers information leakage from insufficient AI understanding, over-reliance on AI output, and attackers misusing AI.
- Q: What should SMBs tackle first?
  Common themes across the threats are ransomware, supply chain, people, and authentication. A practical starting point is backups and EDR, checking suppliers' security, multi-factor authentication and identity integration, and setting rules for generative AI use.
- Q: What are Gartner's key themes for 2026?
  AI-related topics (governing agentic AI, identity for AI agents, AI-enabled SOCs), cyber resilience driven by regulation, and starting the move to post-quantum cryptography.