In terms of security, 2026 will be a year of evolution, not revolution. Veeam and Check Point both shed light on their expectations for the next twelve months from different perspectives, and it turns out that they expect the same basic trends.
No end of year without lists and trends. The findings and predictions of both Check Point and Veeam simultaneously landed in the editors’ mailbox. Revolutionary insights are not on the agenda: the coming year will be one in which started trends are continued.
It will come as no surprise that backup specialist Veeam emphasizes data protection and recovery capabilities, while Check Point, as a broader security player, cites more general focus points. Although the two companies approach security from different angles, we do see common ground. We highlight four trends.
1) Cybersecurity remains the biggest disruptive factor, but recovery confidence remains fragile
Veeam puts cybersecurity threats at number one: 49 percent of respondents call this the biggest disruptive factor for 2026. AI maturity and regulation (22%) follow at a distance, followed by talent shortages (10%) and cloud complexity/costs (8%). This also translates into “preparedness”: respondents feel least prepared for cyberattacks (29%) and for AI/automation missteps (27%).
According to backup specialist Veeam, the most worrying signal is, not coincidentally, in recovery certainty. Only 29 percent are very confident in recovering important data after a zero-day exploit. And in the event of a multi-day outage at a cloud provider, 71 percent have little to no confidence in keeping the business running (30 percent have no confidence, 41 only a little).
read also
Limited resources drive the right priorities: Veeam CIO Nathan Kurtz
Check Point frames this more broadly: resilience will no longer depend on individual security measures, but on the ability to structurally anchor prevention, transparency and flexibility. In other words, the organization must be able to demonstrably continue to function, not just block attacks.
2) AI simultaneously accelerates defense and attack capabilities
Veeam explicitly sees AI as a threat engine: 66 percent of those surveyed call AI-generated attacks the biggest threat to data, even above ransomware (50%). The question here is a bit strange, since AI-generated phishing, for example, can be a vector for ransomware. One does not exclude the other, but the figures illustrate how the fear lives that AI can greatly help criminals.
Check Point describes the same situation: in 2026, AI will increasingly drive detection, analysis and decision-making, while cybercriminals will use AI to operate more purposefully and efficiently. As a result, organizations must build defensive systems that can learn and respond in real time, and not treat AI as a separate add-on, but as an integrated part of their security strategy.
3) Visibility, observability and audit trails become critical building blocks
Veeam points to a structural visibility problem: due to the growth of multicloud and SaaS, a majority say they have less visibility into where data is located (44 percent say somewhat less, sixteen percent significantly less). Less oversight makes recovery, compliance and incident response more difficult.
Check Point extends this to AI workflows. With Agentic AI, systems are shifting towards autonomy, which raises questions about management: who validates actions, monitors logic and intervenes when intention and outcome diverge? The answer is observability, it sounds, in addition to clear policies and immutable audit trails that record autonomous decisions. In addition, Check Point warns that models themselves are becoming an attack surface, meaning that integrity cannot be patched once, but must be continuously monitored.
4) Governance, supply chain and sovereignty shift from compliance to core strategy
Finally, Veeam sees a strong governance reflex. 88 percent think it is extremely or moderately important that partners and suppliers comply with their own cyber and data security standards. In addition, a majority expect that more responsibility at the management level will have an impact on cybersecurity (41 percent large, 31 percent average impact).
Also striking: 72 percent are in favor of a ban on paying ransom in ransomware attacks. Sovereignty is also decisive: 76 percent expect data sovereignty pressure to impact cloud strategies; 46 percent find sovereignty extremely important.
Check Point links this governance focus to autonomous AI: without policy frameworks and auditability, efficiency becomes an unmanaged risk. Together, both messages show that resilience in 2026 revolves around a mix of security, recoverability, visibility and manageability — because that combination determines how quickly and controlled an organization can recover when things go wrong.