Cyber defences — Cyprus Firms Strengthen Cyber Defences Amid Rising Global Risks

Cyprus is set to enhance its corporate and institutional cyber defences as part of a national digital policy, according to Andrey Leskin, chief technology officer of Qrator Labs. Speaking to the Cyprus Mail, Leskin expressed concerns about the increasingly complex and dangerous global cybersecurity landscape projected for 2026.

Leskin noted, “Digital capabilities and resilience to cyberattacks are among the key priorities of the country’s national digital policy, with the government strengthening the institutional framework and cooperation with the EU.” This initiative has been underscored by recent comments from Deputy Minister of Innovation Nicodemos Damianou, indicating a proactive approach to cybersecurity.

As 2026 approaches, more companies and organisations in Cyprus are expected to bolster their cybersecurity measures. Leskin pointed out a shift towards prevention rather than reaction, with systematic investments in advanced technologies like zero-trust architectures and DDoS-mitigation solutions becoming essential.

The evolving threat environment will not be dominated by sudden, dramatic events but will instead be characterised by a gradual accumulation of risks. Factors such as artificial intelligence, ageing infrastructure, and the increasing interconnection of systems will compound the challenges faced by organisations.

Leskin highlighted a significant trend: the widespread adoption of AI agents in digital tools. These agents, embedded in browsers and search engines, aim to assist users but are already showing vulnerabilities to manipulation. “Websites can hide instructions that are interpreted by AI assistants, allowing attackers to inject malicious prompts into browsing sessions without users realising it,” he explained.

As AI-driven browsers become more prevalent, researchers anticipate that there will be public disclosures of attacks where users unknowingly expose sensitive information, such as passwords and account details. Leskin warned that compromised AI agents could even be exploited to launch attacks against third-party resources.

Another pressing concern is the availability of smaller, efficient AI models capable of running on personal devices like smartphones and laptops. “Tasks that required cloud-based AI systems just a few years ago can now be handled by compact models,” he noted. This shift poses a significant security risk, as attackers can generate malicious code on demand without relying on traditional malware that is easily detected.

Leskin explained how this method allows attackers to evade conventional security measures, resulting in a diverse range of behaviours that are challenging to identify. This complexity is particularly problematic in application-layer attacks, where traditional detection techniques may fall short.

Beyond AI, the increasing reliance on complex digital supply chains is raising systemic risks across industries. A single incident at a service provider could trigger disruptions across multiple organisations, leading to widespread consequences. “Such chain reactions are likely to become more common by 2026,” Leskin warned.

The issue of ageing software and hardware remains critical, especially for medium and large organisations that depend on outdated systems. “Many organisations continue to rely on systems deployed years ago,” he said, pointing out that obsolete software exposes known vulnerabilities to the internet. Small businesses and individual users are also at risk, particularly through devices like routers and smart appliances that often go unupdated.

In light of these challenges, cybersecurity strategies are shifting focus from merely identifying threats to understanding intent. “Defenders need to focus on intent rather than form,” Leskin stated, noting that AI advancements make traditional controls, like CAPTCHAs, easier to bypass.

Despite the rapid technological changes, Leskin emphasised that fundamental security principles remain vital. Strong access controls, diligent monitoring of user actions, and reliable backups are essential for building resilience against potential cyber incidents. He underscored the importance of backups as a safeguard for recovery from catastrophic events.

For individual users, the evolution of AI-powered browsing tools presents new risks. Leskin cautioned that users are assuming risks that are difficult to define or limit. The cybersecurity landscape of 2026 will be shaped more by the interaction of existing threats than by entirely new challenges. “Success will depend not only on how well organisations protect themselves but also on how prepared they are to withstand disruption when protection inevitably fails,” he concluded.