2026 and the Industrialisation of Cybercrime – A Conversation with Fortinet’s Alain Penel

As cybercrime evolves into an industrial-scale business, 2026 is shaping up to be a defining year for security leaders in the Middle East and beyond. Ransomware-as-a-Service, AI-powered attacks, and the convergence of IT and OT are testing the resilience of enterprises, critical infrastructure, and government entities like never before. At the same time, the skills gap is shifting from a shortage of people to a mismatch between traditional expertise and machine-speed, data-driven operations. To unpack what this means for boards and CISOs planning their next moves, Dubai Diaries sat down with Alain Penel, Vice President – Middle East, Turkey and CIS at Fortinet, to discuss the threats that will matter most in 2026, how adversaries are changing their playbooks, and the strategic steps organisations should be taking now to build true cyber resilience.
Threat landscape 2026: What do you see as the three most serious cyber threats that enterprises will be dealing with in 2026, and how are you re-shaping your roadmap to respond to them?
The coming year will not be defined by a single new technique or malware strain, but by the refinement and industrialisation of those that already exist. The global threat environment in 2026 will be defined by speed, automation, and scale, with adversaries increasingly operating as industrial systems, using automation, specialisation, and AI to scale both attack speed and reach.
For defenders, this represents a pivotal shift. Security operations can no longer rely on static configurations or periodic assessments. To address today’s rapidly evolving challenges, they must operate as an adaptive system, continuously learning, adjusting, and responding to real-time conditions. As the line between human and machine operations blurs, both attackers and defenders are adapting to an environment where milliseconds can define outcomes.
While securing the individual organisation is paramount, countering industrialised cybercrime will also demand a more coordinated global response. This is why Fortinet supports public-private partnerships and cross-industry cooperation, such as the new Fortinet-Crime Stoppers International Cybercrime Bounty programme, which will enable global communities to safely report cyberthreats, helping to scale deterrence and accountability.
Ransomware and extortion: Ransomware has become a business model. What will differentiate successful ransomware defence in 2026 from what most organisations are doing today?
Adversaries now operate as industries. Standardised playbooks, automation pipelines, and AI augmentation will continue to define their advantage. In 2026, we expect threat actors to focus less on innovation and more on throughput—the ability to move from reconnaissance to monetisation in the shortest possible time. In practice, this means a ransomware affiliate launching 10 attacks in the time it once took to coordinate one, or an AI model parsing terabytes of stolen data in minutes to identify which targets to extort first. This shift is reshaping the economics of cybercrime and forcing defenders to compress detection and containment cycles across every environment.
Because attackers will continue to exploit the same AI and cloud platforms that defenders rely on, productivity, not innovation, will determine impact. Adversaries will continue to accelerate their ability to quickly move from reconnaissance to ransom. Defensive strategies must therefore be calibrated to interrupt that cycle before it completes, with resilience dependent on a threat-informed defense model that connects intelligence, exposure management, and incident response within a unified operational framework.
OT, critical infrastructure and converged security: How do you expect security for OT, industrial, and critical infrastructure environments to evolve by 2026, especially as IT and OT networks continue to converge?
AI-powered attack techniques, the growing scale of Ransomware-as-a-Service, and rising geopolitical tensions are increasing both the volume and sophistication of attacks, especially those targeting OT in high-impact sectors, such as manufacturing, healthcare, and utilities. The Ransomware-as-a-Service (RaaS) model, where data theft, extortion, and service disruption converge in a single playbook, will continue to grow.
Defending at the velocity of today’s threats requires more than automation. It requires context. Threat-informed defense must leverage real-world intelligence to anticipate attacker behaviour and guide decisions across every stage of operations. At the same time, incident response must evolve from a standalone function to a coordinated capability. Unified visibility across endpoints, networks, and clouds, combined with external attack surface intelligence, will enable faster containment and more comprehensive situational awareness.
These trends underscore the importance of a proactive security strategy that integrates real-time threat intelligence, centralised security operations, and continuous monitoring. A platform-based approach provides OT teams with the tools they need to stay ahead of emerging threats while managing complexity and maintaining operational continuity.
Skills, talent and partner ecosystem: Given the ongoing skills shortage, what will an effective security operating model look like in 2026 in terms of internal teams, automation, MSSPs, and partners?
Education and training are not only central to prevention but also crucial in closing the cybersecurity skills gap that continues to challenge both the public and private sectors. The conversation around the “cybersecurity skills gap” often oversimplifies what is, in reality, a structural evolution. The friction arises because the threat landscape—and the assurance bar for effective defense—has been changing faster than many organisations can adapt. New attack surfaces, such as cloud identity, Infrastructure-as-Code, and SaaS governance, demand skills that simply didn’t exist in traditional IT security.
In this sense, today’s “skills gap” is less about scarcity and more about alignment, and the need to match specialised expertise to the reality of machine-speed, data-driven operations will become increasingly crucial. AI will continue to play a decisive role in this transition. As security operations become more integrated and data-centric, AI will increasingly act as the connective tissue between disciplines, connecting events, surfacing anomalies, enriching context, and identifying what humans might otherwise miss. The next generation of cybersecurity professionals will need to operate in partnership with AI-enhanced systems that augment rather than replace human expertise.
Advice to CISOs planning for 2026: If you had to prioritise three strategic moves CISOs should make over the next 12–18 months to be ready for 2026, what would they be and why?
AI is now both the weapon and the shield, geopolitical tensions are spilling into corporate networks, and the line between IT and business risk has disappeared. In 2026, CISOs need to assume disruption is inevitable and build resilience by investing in business continuity, segmentation, and recovery readiness. They should treat AI not as a shortcut but instead use it to enhance detection and response. Tied to this is a need for hardened identity management across the board as human and machine agents multiply. CISOs need to oversee a breaking down of silos between security, operations and leadership as resilience depends on shared understanding and unified response. The role of the CISO has never been broader or more vital. Success in 2026 will belong to those who can combine technical depth with strategic vision, turning security from a reactive function into a force for resilience, trust, and growth.



