Cyber risk trends in 2026: key insights for Australian businesses

Cyber risk continues to evolve, shaped by changes in threat activity and regulatory expectations. In a recent QBE Q Academy webinar (Different Rules, Same Attackers: A Global Cyber Risk Comparison – AU & NZ), speakers including Ben Richardson, QBE Cyber Product Lead – Corporate, Financial Lines and Multinational, outlined current trends across Australia and globally, highlighting consistent patterns in how cyber incidents occur and how organisations are expected to respond.
While the risk landscape varies by sector, the webinar showcased several themes that are emerging – particularly around ransomware, human behaviour, supply chain exposure and governance.
Ransomware and vulnerabilities remain prevalent
QBE research referenced in the session found that ransomware continues to feature prominently in reported cyber incidents. Rather than operating consistently across all sectors, threat actors often respond to opportunity.
As Richardson noted, spikes in activity are “aligned to a specific vulnerability being exploited, or an industry group that becomes a key focus.”
Recent examples involving enterprise software vulnerabilities – including widely used applications and network infrastructure tools – demonstrate how weaknesses can be leveraged quickly once identified. This highlights the ongoing nature of cyber risk, where new vulnerabilities continue to emerge.
Human behaviour remains a contributing factor
Cyber incidents are not solely driven by technical factors. Human behaviour continues to play a role, particularly in attacks involving phishing and social engineering.
QBE research referenced in the session found that more than one-third of surveyed workers reported clicking a phishing link.
In line with this, social engineering remains a leading cause of incidents across regions, reinforcing that cyber risk spans both technical controls and organisational practices.
Supply chain risk is an ongoing consideration
Modern organisations rely on a wide range of third-party providers, platforms and software, which can expand the potential attack surface.
As highlighted in the webinar, digital supply chains are “wide reaching and easy to lose visibility of if governance isn’t up to par.”
Supply chain vulnerabilities and third-party dependencies continue to be observed in cyber incidents, indicating the importance of understanding how external relationships can influence exposure.
Regulatory expectations are evolving
Regulation continues to play an important role in shaping how organisations approach cyber risk.
In Australia, the Privacy and Other Legislation Amendment Act 2024 (Cth) reinforces that “reasonable steps” to protect personal information include both technical safeguards and organisational measures such as governance and incident response.
More broadly, regulatory frameworks are placing increased emphasis on:
- Board-level oversight and accountability
- Operational resilience and preparedness
- Incident reporting
- Third-party risk management
In addition to the existing Mandatory Notification of Data Breach (MNDB) Scheme under the Privacy Act, we now also have new reporting requirements for ransomware payments under the Cyber Security Act 2024.
Global trends reflect similar patterns
While regional differences exist, global cyber trends remain broadly consistent. Common entry points for incidents include exploitation of vulnerabilities, phishing and compromised credentials.
Ransomware continues to be a defining threat across sectors, particularly where operational disruption or access to sensitive data can have significant impacts.
As Richardson observed, cyber risk is “a global risk,” with many of the same underlying patterns visible across different jurisdictions.
A changing environment
Cyber risk continues to be shaped by a combination of technological change, threat actor behaviour and regulatory development.
As noted in the webinar, organisations that delay addressing governance or data management challenges may find themselves responding under increasing pressure as expectations evolve.
Watch the webinar
To explore these insights in more detail, including regional perspectives and examples, you can watch the full QBE Q Academy session: Different Rules, Same Attackers: A Global Cyber Risk Comparison.