Excite Cyber experts foresee AI governance, enterprise-wide cyber risk registers, rising demand for digital forensics, and a stronger emphasis on human-centric security as Australia heads into 2026.
Excite Cyber (ASX: EXT) has released its cybersecurity predictions for 2026, highlighting how artificial intelligence, regulation, and human risk management will reshape Australia’s digital security landscape.
According to CEO Bryan Saba, the rapid adoption of large language models (LLMs) in software development will create both opportunities and risks. While LLMs accelerate coding and bug detection, they also introduce new attack surfaces. “Without the right safeguards, LLMs can be manipulated to inject malware, propagate misinformation, or introduce vulnerabilities into otherwise legitimate applications,” warns Saba. He stresses that human oversight in AI governance will remain critical.
“AI-driven development can accelerate innovation, but it can also become a new attack vector if left unchecked.”
— Bryan Saba, CEO, Excite Cyber
One of the most significant shifts expected in 2026 is how businesses manage risk. Excite Cyber predicts that cyber risks will no longer exist in isolation but will be embedded into comprehensive enterprise-wide business risk registers. This change, driven by boards and senior leadership, will see organisations building detailed asset inventories and mapping information flows to link physical, administrative, and technical controls.
Another key trend is the surging demand for digital forensics expertise. With Australia facing a shortfall of nearly 30,000 cybersecurity professionals by 2026, organisations are turning to hands-on training programs that replicate real-world investigations. “Australia’s cyber workforce of the future will be defined not just by qualifications, but by practical capability to respond to complex threats,” Saba adds.
On the regulatory front, Excite Cyber expects more Australian businesses to voluntarily adopt ISO 42001, the global standard for AI management systems, in preparation for strengthening AI regulations. The company notes that aligning with international frameworks will be critical for businesses looking to trade globally while maintaining trust and compliance.
Despite the hype around zero-day exploits, Excite Cyber forecasts a return to basic cyber hygiene as a core defensive measure—emphasising multi-factor authentication, password managers, and backups as everyday safeguards.
Finally, 2026 is set to be the year of Human Risk Management (HRM). Moving beyond tick-box awareness training, HRM uses AI-powered real-time nudges to guide employees in daily decision-making, turning people from the “weakest link” into proactive defenders.
“By embedding security into workflows, businesses can reduce risk, improve response, and strengthen resilience,” concludes Saba.
