Every year, the Securitas Risk Intelligence Center (RIC) identifies the top emerging threats and risks organizations face for the coming year. In 2025, we described the global security risk and threat landscape as ‘unconventional’. For the 2026 security landscape, the best word is ‘convergent’. Increases in geopolitical disruptions, hybrid threats, and information disorder continue to overlap and converge in multiple ways. However, increased awareness is driving interconnected security strategies to mitigate threats and risks that cross borders and have the potential to disrupt operational efficiency in multiple ways.
The Annual Intelligence Estimate report from RIC provides a snapshot of global threats on the horizon and helps clients stay informed and prepared as they develop their security strategy for the coming year.
In this blog, we’ll cover the top five emerging security threats and trends for 2026. We’ll also look at how they can impact your organization and what you can do now to prepare for them.
Increasing disruption of Critical National Infrastructure (CNI)
Attacks targeting Critical National Infrastructure (CNI) have increased throughout 2025, with hostile actors exploiting both physical and digital vulnerabilities. Elevated geo- and sociopolitical tensions have fueled state-sponsored gray zone warfare (GZW), extremist attacks, and activist movements.
Nation-states increasingly employ proxy threat actors, such as organized crime groups, to conduct sabotage with the intent to destabilize enemy nations and spread uncertainty. In particular, the availability and success of unmanned aerial systems (UAS) allow threat actors to maximize impact with minimal effort or personal exposure. In addition, growing social media coverage that highlights successful attacks and tactics for future disruptions increases the threat.
CNI targets often include traditional sectors, such as energy or water, while ease of access means threat actors have expanded to include non-traditional sites, such as data centers, or methods, such as cyber-attacks, to increase exposure to their cause. The resulting sabotage and disruptions impact operations, supply chains, financial stability, and even physical well-being.
Global tensions will continue to rise in 2026. Organizations responsible for or linked to CNI can mitigate these threats with a thorough evaluation of their direct exposure to the threat and their indirect exposure, such as through supply chain partners. Security strategies should focus on awareness and situational understanding. Monitor regions prone to geopolitical upheaval closely and maintain awareness of government advisory notices within those areas. Finally, ensure practical safeguards are in place for critical infrastructure, such as water or energy, to build resilient operational processes for CNI.
And even if an organization is not in a CNI sector, consider the indirect impacts in the event of disruptions to critical infrastructure, including power, utilities, IT, and telecommunications.
Public spaces and events increasingly ideal targets
A combination of accessibility, concentrated crowds, the presence of high-value targets (HVTs), and opportunities for wide-ranging publicity to amplify a message makes public-facing events and spaces an attractive target for threat actors.
Ongoing geopolitical tensions and divisive sociopolitical issues, such as environmental protection or the development of artificial intelligence (AI), will remain key drivers for activism and insider threats throughout 2026. Additionally, an increase in extremist and terrorist narratives has the potential to incite and/or inspire attacks with maximum impact, which draws attention to their cause.
Threat actors operating in this space are becoming more resourceful, and the availability of online information enables them to research and plan their actions in advance without being detected by security.
The threat against public spaces and events will continue throughout 2026, calling for a security strategy that combines physical safeguarding and digital intelligence.
To mitigate disruptions, organizations can enhance operational security (OPSEC) around external events, including routes, hotels, or other key locations close to the event. When developing a security strategy for events, use anticipatory models that consider crowd dynamics, protest likelihood, and local intelligence. Finally, appropriate background checks will limit the possibility of threat actors gaining access.
Activist and insider threats driven by changing corporate policies
Changes in corporate policies, primarily environmental, social, and governance (ESG) strategies, amid an increasingly polarized sociopolitical landscape, will trigger grievances among threat actors, including motivating activists and insider threats.
Organizations perceived to be scaling back, delaying, or reframing commitments around climate action, diversity, or social responsibility are facing increasing scrutiny, pressure, and costly disruptions.
Common threats include boycott, divestment, and sanctions campaigns targeting brands and executives, malicious advertising campaigns, and the leaking of sensitive information.
Predictions for 2026 reveal the likelihood of increased political or regulatory influence on organizations to scale back or abandon ESG initiatives, adding to this pressure. Targets will also expand beyond the primary target company to include suppliers and service providers, as well as an increased focus on individuals, such as the CEO and other executives.
A balance is needed to mitigate these threats, given their very public nature. Carefully assess security and reputational risks when issuing public statements on divisive or controversial policies, and identify any links between the organization and current events. Monitor employee sentiment to identify early indicators of dissatisfaction or potential insider threat risks. Finally, align communications from legal, security, and other affected teams to ensure consistent messaging and reduce risks.
Open-source availability makes terror materials easy to find
Extremist propaganda, terrorist manifestos, and instruction materials continue to expand and spread across open-source platforms, mainstream social media, and decentralized file-sharing sites. This is further amplified by AI.
Easy access to detailed guidance for planning attacks, selecting targets, and developing destructive capabilities (i.e., 3D printing of weapons and access to drones) is reshaping the security threat landscape. These materials enable self-initiated terrorists (S-ITs), individuals with no formal links to established terrorist groups, to plan and carry out attacks.
S-ITs remain one of the most difficult threats to detect. They typically have reduced digital footprints (by attempting to remain anonymous) and lack ‘formal’ connections to known ideological organizations. Individuals can become radicalized quickly, and the rate of online extremist content spreading across open platforms will only increase as the year progresses.
To mitigate the threat, develop and regularly test scenario plans for common attack scenarios, including attacks using melee weapons, vehicle-borne attacks, firearms, arson, kidnap-ransom-extortion (KRE), and even harmful substances, including chemical, biological, radiological, and nuclear (CBRN).
Train staff to recognize indicators of potential radicalization and include clear reporting processes. Build monitoring and alerting into security strategies and prepare for operational disruptions during periods of elevated threat levels, particularly in urban environments.
Weaponized social media and AI
The use of social media to facilitate mis-, dis-, and malinformation campaigns has increased significantly in 2025 and will continue to rise throughout 2026. Advances in generative AI technology allow narratives, whether true or false, to be created, amplified, and weaponized at unprecedented speed and scale.
Campaigns frequently target individuals and organizations by leveraging false or inflammatory content to drive targeted doxxing, harassment, malicious reputation campaigns, and other forms of coordinated disruption.
AI tools (including free-to-access large language models such as ChatGPT, Gemini, and Grok) can be used to search for personally identifiable information (PII) on targets and weaponize it. If privacy guardrails are not in place (or are bypassed), accurate details, including contact numbers, family names, home addresses, and imagery, are easily obtained. High-profile incidents, including the aftermath of the Charlie Kirk assassination involving target lists of employees associated with politicized rhetoric, highlight how the weaponized use of social media can lead to real-world harm.
For 2026, ongoing socio-political polarization will likely fuel growing discontent towards specific organizations, CEOs, and other executives. Weak or inconsistent moderation and the potential amplification of messages will fuel digital activism and ‘social justice’ campaigns targeting individuals, not just institutions.
Organizations are encouraged to conduct regular reviews of available personal information for executives and remove details that can be exploited. Adding robust social media monitoring to your security strategy can identify early shifts in online sentiment and increase awareness of regulatory changes on the horizon. Finally, incident response plans should include doxxing and online harassment scenarios.
Intelligence-led security turns insights into resilience
The security threats facing organizations today no longer exist in isolation. Building resilience relies on a security strategy that uses data-driven insights and expert analysis from local, regional, and global experts to predict what’s around the corner, understand the impact it might have on your organization, and prepare for it.
Reach out to us to get your free copy of the 2026 Intelligence Estimate and discover how Securitas’ intelligence services can help your organization stay vigilant, prepared, and protected in the year ahead.