Prepare for 2026 cyber challenges

by EDWARD MILLINGTON FOR THE PAST FEW YEARS, Barbados and the wider Caribbean region have suffered numerous damaging cybersecurity attacks orchestrated by well-known international cybercriminal groups.

These attacks have caused significant financial and operational losses for many governments, businesses and industries.

Additionally, the loss of intellectual property (IP), stakeholder privacy and potentially safety has eroded public and international trust in the region’s digital systems.

Such cybercriminal activities are undertaken primarily for financial gain, regardless of the harm they may cause to stakeholders, economies and international relationships.

2026 cyber risk contributors

As we navigate the 2026 business cyber threat landscape, the World Economic Forum’s

Global Cybersecurity Outlook 2026 report provides a clear assessment of today’s digital risk environment that should inform our decision-making as we plan, develop or optimise cybersecurity strategies for cyber resilience.

The already known and growing risk environment is worsened further by accelerating artificial intelligence (AI) threats, geopolitical volatility, supply chain vulnerabilities and growing cyber inequity.

As board advisors and resilience strategists, we strongly advocate for stakeholder collaboration and proactive cyber strategies to strengthen resilience against cybercrime. This is done at the micro and macro levels, not only in Barbados but throughout the region, recognising that cybercrime is borderless and transnational, making it everyone’s business and a mature discussion at the highest level. Following are solutions to the growing crises.

AI-powered defence and governance

In my published article in the PECB Insights Global Magazine titled The Intersection Of AI And Cybersecurity: Governance And Risk Management In The Age Of Intelligent Systems, I highlighted the necessity for trustworthy AI in a highly digital-transformed world. With over 80 per cent of businesses integrating AI into their services and processes, emerging cyber and information security risks remain undiscovered or inadequately addressed.

Therefore, the need for AI governance is longstanding and urgent.

The use of AI by cybercriminal groups should signal to businesses and governments the decisive role of AI in both offensive and defensive operations. That is, fight AI with AI to minimise risks from AI-enabled cybercrime, including financial fraud and phishing.

With 94 per cent of leaders citing AI as the top cybersecurity disruptor, leaders must adopt robust AI governance strategies to implement trustworthy AI and leverage AI in cybersecurity to mitigate cyber risks that threaten the organisation’s strategic well-being.

Supply chain cyber resilience

Third-party risks remain a critical weakness for many businesses and will continue to grow in 2026 unless third-party supply chain risk management strategies are implemented. Risks such as cyberattacks that can cause operational losses and compromise data and privacy are very real. That is, business-resilient strategies must be mature to build digital operational resilience and trust.

Hence, businesses must map ecosystems, assess vendor maturity and build integrated resilience to ensure their partners don’t become their weakest link amid increasingly sophisticated cybercrime attacks.

Geopolitical cyber readiness

As global tensions mount, geopolitical cyber readiness is crucial to protecting digital economies and well-being. However, in such a volatile environment, as highlighted in the report, and amid recent United States-Venezuela war-like dynamics, tariffs, other geopolitical trade tools and tightening budgets will impact cyber resilience programmes, creating greater vulnerabilities for cybercriminals to exploit.

Therefore, from a regional perspective, the risk to national critical infrastructure is high, potentially leading to economic and service disruptions and, in extreme cases, loss of life.

This poses a significant national security threat.

Memories of the Queen Elizabeth Hospital cyberattack must never be forgotten.

That said, in a fragmented world, threat intelligence and cross-border collaboration are essential. Therefore, public-private partnerships will be crucial to developing geopolitically informed cyber strategies and enhancing the protection of national critical infrastructure.

Bridging the cyber equity gap

Cybercrime is constantly evolving, so cyberresilient strategies must be flexible. However, with shrinking budgets and shifting business priorities, it is very challenging for boards, corporations and government bodies to adapt to and maintain an evolving resilience programme.

According to the report, 87 per cent of the region’s cyber resilience capacity either barely meets or falls short of expectations.

This results in a vulnerable digital ecosystem that is susceptible to exploitation. Therefore, through partnerships, shared threat intelligence, capacity-building programmes, and customised solutions, Barbados and the region can collaborate more effectively to bridge the cyber skills and resource gap.

Crisis and resilience leadership

Within our region, genuine digital sovereignty does not exist. We are relying on someone else’s technology, service and infrastructure. Sadly, they are our dependencies and without a strong, mature cyber culture, they pose emerging risks that could escalate into crises.

Managing these risks to build resilience requires a cyber-resilience compass, as highlighted in the report. It will clearly demonstrate our capabilities and maturity, as well as our ability to remain resilient in times of crisis. Therefore, from board-level cyber leadership and governance to incident response and crisis management simulations, we need to equip our leaders with the tools to transform cyber risk into strategic advantages, delivering economic value and digital well-being.

Conclusion

Our digital future depends on how we proactively respond to changes and make mature, informed decisions to govern, collaborate, share, and innovate to secure our digital wellbeing, whether nationally or regionally. We are all stakeholders in our digital well-being!

Edward Millington is the founder and managing director of CariSec Global Inc. He has about 30 years of experience in information systems security, information and communications technology, and telecommunications.