01/07/2026

Quarterly Threat Report: Q2 2026 Round Up

Insights

Cyber Security

Back

This Q2 2026 cyber threat report highlights a growing reality for UK businesses: cyber attacks are becoming faster, more automated and increasingly focused on exploiting identity, trust and supply chains.

The biggest cyber stories this quarter were not just about stolen data. They highlighted something more important for business leaders, the operational impact of an attack.

When systems become unavailable, suppliers are compromised or sensitive information is exposed, the consequences extend far beyond IT. Customer relationships, productivity, revenue and reputation can all be affected.

According to CrowdStrike’s 2026 Global Threat Report, the average eCrime breakout time has fallen to just 29 minutes, with the fastest observed breakout taking only 27 seconds. At the same time, AI-enabled adversary activity increased by 89% year-on-year.

For organisations, this means the window to detect and respond to modern cyber threats is becoming smaller. Cyber security is moving aways from preventing attacks to ensuring the business can continue operating when disruption occurs.

Q2 2026 by the numbers

Recent key findings highlight the scale of the challenge facing UK organisations:

The figures show that while awareness of cyber risk is improving, many organisations still have work to do when it comes to building practical resilience.

The key cyber threats affecting UK businesses in 2026

Disruption is now one of the biggest cyber risks

The cyber incidents affecting Marks & Spencer, Co-op and Harrods were among the biggest security stories of Q2.

While investigations continue, the incidents demonstrated a key lesson – the impact of a cyber attack is often measured by disruption rather than data loss alone. For modern businesses, digital systems are central to everyday operations. When those systems are unavailable, the impact can quickly spread across the organisation.

These incidents also reinforced the importance of identity security and third-party risk management. Attackers are increasingly looking for trusted routes into businesses rather than relying solely on technical vulnerabilities.

Identity is now a primary security concern

Many attacks today begin with compromised credentials rather than sophisticated malware. Attackers are using:

  • phishing campaigns
  • social engineering
  • stolen credentials
  • session hijacking
  • MFA fatigue techniques

Once access has been gained, attackers can often move through an environment using legitimate accounts, making malicious activity harder to identify.

This is why identity security has become one of the most important foundations of modern cyber resilience. Businesses should regularly review:

  • who has access to critical systems
  • whether users have more permissions than they need
  • how privileged accounts are protected
  • whether suspicious sign-in activity can be detected quickly
  • whether MFA is configured properly, not just switched on

Attackers do not always need to break down the door. Increasingly, they are logging in with valid credentials.

Supply chain attacks remain a growing cyber security threat

Businesses increasingly rely on suppliers, cloud platforms and external service providers to operate effectively. That brings huge benefits, but it also creates risk.

If one trusted supplier is compromised, attackers may be able to use that relationship as a route into other organisations. This is why supply chain attacks remain one of the most important cyber security trends in 2026.

Despite this, supplier security reviews are still not common enough. Research referenced in the Cyber Security Breaches Survey 2025/2026 found that supplier risk management remains a weakness for many organisations.

For businesses, the priority is not just understanding internal risk. It is understanding who else has access to your systems, data and customers.

AI is changing the threat landscape

Artificial intelligence was one of the biggest themes throughout Q2. For attackers, AI is making it easier to create convincing phishing messages, automate reconnaissance and scale attacks more quickly.

Government ministers warned UK businesses that AI is making cyber attacks faster, cheaper and easier to carry out.

CrowdStrike’s research supports this trend, highlighting the 89% increase in AI-enabled adversary activity and the growing use of AI to support credential theft, reconnaissance and evasion techniques. At the same time, organisations are rapidly adopting AI tools such as Microsoft Copilot and other workplace assistants.

The challenge is ensuring security controls keep pace with adoption. The Cyber Security Breaches Survey found that only 24% of organisations using or considering AI have processes in place to manage the associated risks.

Before expanding AI usage, businesses should understand:

  • where sensitive data is stored
  • who can access AI tools
  • whether permissions are appropriate
  • what governance controls are required

The organisations that benefit most from AI will be those that establish strong foundations first.

What businesses should focus on now

Based on the trends seen throughout Q2, organisations should prioritise:

  • Strengthening identity security: Review access controls, protect privileged accounts and ensure users only have the permissions they need.
  • Improving security awareness: Phishing remains one of the most common attack methods. Regular training and testing remain essential.
  • Reviewing supplier risk: Understand which third parties have access to systems and whether appropriate security controls are in place.
  • Testing recovery plans: Backups are important, but businesses also need confidence that they can restore operations quickly after an incident.
  • Preparing for AI securely: AI adoption should be supported by clear policies, data protection measures and governance.
  • Making cyber security a leadership issue: Cyber risk affects the whole organisation. It should be discussed alongside other business risks, not treated as an IT-only responsibility.

The biggest risk is being unprepared

Q2 2026 reinforced a growing reality: cyber attacks are becoming faster, more automated and increasingly focused on exploiting trusted identities and relationships.

But the organisations best placed to respond aren’t always those with the biggest security budgets. They’re the ones that understand their risks, get the fundamentals right and prepare before an incident happens. As businesses continue to adopt AI, cloud technologies and digital services, cyber resilience is becoming a key part of long-term success.

The cyber threat landscape will continue to evolve throughout the second half of 2026, but the foundations of good cyber security remain the same: strong identity controls, effective governance, employee awareness and a clear understanding of organisational risk.

Because the question isn’t whether organisations will face cyber threats. It’s whether they’ll be ready when they do.

Share post