What’s shaping security as we head into 2026

Written By Tim Barrow

As another year draws to a close, many organisations are taking stock of what has changed across their security landscape and what that means heading into 2026.

Across cloud, identity and AI environments, the patterns we’ve seen this year are less about entirely new threats and more about pace. Technology adoption continues to accelerate, while visibility, governance and ownership struggle to keep up.

Before momentum builds again in Q1, it’s worth pausing to reflect on what’s actually shaping security priorities right now.

The themes that kept surfacing in 2025

Across organisations of different sizes and sectors, several consistent themes reappeared throughout the year:

  • AI tools being adopted faster than security teams can realistically track

  • Browser extensions quietly expanding data exposure

  • Identity permissions drifting over time, particularly within Microsoft 365

  • Attacks increasingly succeeding through people and misconfiguration rather than perimeter failure

None of these challenges are new. What’s changed is how difficult they’ve become to spot without clear, continuous visibility.

As environments grow more dynamic, risk hides in small, everyday changes, not just headline incidents.

The growing gap between adoption and control

One of the most notable shifts we’ve seen is the widening gap between how quickly teams adopt new capabilities and how slowly governance adapts.

AI tooling, SaaS integrations and browser-based workflows bring genuine productivity gains. But without clear oversight, they also introduce:

  • New data flows

  • Expanded access paths

  • Increased reliance on individual behaviour

Security teams aren’t being bypassed intentionally; they’re being outpaced.

Closing this gap doesn’t require slowing innovation. It requires clearer understanding of where exposure actually exists and which risks matter most.

People and configuration remain the primary attack surface

While tooling continues to evolve, successful attacks are still overwhelmingly driven by:

  • Human error

  • Over-permissioned identities

  • Misconfiguration in cloud services

This is particularly pronounced during high-pressure periods, when teams are stretched and attention is divided.

Reducing this risk isn’t about adding friction. It’s about removing ambiguity; making it easier to spot drift, highlight exposure, and intervene early.

A year of progress at Peritus

2025 was also a year of growth for us.

At Peritus Cloud Security, we:

  • Achieved Microsoft, Palo Alto and CrowdStrike accreditations

  • Expanded our presence with a new office in St Albans

  • Welcomed new team members as we deepened our work across cloud, identity and AI risk

These milestones reflect the same trend we’re seeing across our customers: security is becoming more interconnected, more operational, and more central to delivery.

A moment to sense-check before Q1 accelerates

Early in the new year is often the best time to reduce noise before priorities stack up.

For many organisations, a short sense-check across:

  • Cloud configuration

  • Identity usage and permissions

  • AI and SaaS adoption

can surface quick wins, clarify ownership, and create focus before delivery pressure builds.

The Peritus lens

Security works best when it provides clarity, not distraction.

Our role is to help teams understand:

  • What’s changed

  • What truly matters

  • Where ownership sits

So decisions are deliberate, defensible, and aligned with how the organisation actually operates.

Want to explore this further?

We regularly share practical insights on cloud, identity and AI security; grounded in what we see across real environments.

Talk to us about a posture sense-check

Tim Barrow
Previous

What the 2025 Hybrid Mesh Firewall Landscape Really Means for UK Organisations
Next

The State of Enterprise Cybersecurity in the UK - 2026 Outlook