Predictions & Resolutions for 2026

It’s that time of year for reflection on the past year and predictions on what’s to come. I thought I’d do a little predicting of my own for things that will happen in 2026 within the GRC/Cybersecurity space. Then next year, I can look back on them and think “wow, how wrong those were!”

Don’t forget to drop your predictions for 2026, or tell me where you think I’ve gone wrong in mine!

Here are my predictions for 2026, in no particular order:

  • “Buy a Compliant Audit” companies will officially be out of the marketplace
    • There has been much said this year regarding companies that advertise “compliance to X framework in 6 weeks or less.” I have yet to see a security person I trust give these companies the time of day, and I think the scam will come to light and fully make them extinct in 2026. My guess is that companies will also stop doing business with anyone who has one of these “stamps of approval” within their vendor standards starting in 2026, and this will also make the companies less used. Let me be the first to say – good riddance!!
  • External auditors will begin to require automated solutions for larger companies
    • Automated GRC solutions for control and audit management are hot in the market right now, and are being adopted by security and risk teams throughout the market across industries. If you can afford it, it truly is some of the best that money can buy. I think 2026 will be the year that auditors get involved in tool selection, and some larger companies will start to be required to implement these tools by their external auditors. Whether through partnership from the external auditors, or minimum tool requirements, audit firms will start to see the efficiencies created on their side from the use of these tools, and I think they will start to mandate them to save time & be able to complete more audits within a calendar year. I could use some of my audit humor here (if you’ve worked with me, you know I have a stand-up special prepared during any audit for some comic relief!), but instead I’ll use this space to believe that 2026 is the year that auditors begin to embrace something that works for everyone!
  • New industry standards will be created & embraced by the security community
    • A hot topic in the last few weeks has been the fluctuating regulatory environment in both security and privacy that folks are facing. Some is de-regulation, some is delayed regulation, but it all results in a gap for some folks who aren’t sure what type of mitigations and controls to put into place. I think some companies are seeking the certainty that regulations give them (in some sense – many are still vague and/or written by non-industry experts, which makes them difficult to implement!), and I think this is going to create some folks who create a “plug and play” security framework which, if implemented, would help meet both regulatory and industry expectations, and create a whole new type of framework. I think this may continue the concern around lack of risk management related to control implementation, but is certainly an interesting development in the world of frameworks.

A few resolutions for me as well:

  • Regular posting! I’ve been nervous about posting my first “real” blog post, as I don’t know how interesting or novel anything I have to say is in comparison to the blogs & Substacks of true industry experts I read. Next year, I will get over that fear, and post at least once a month!
  • Broaden my consumption of security and risk content! Right now, I have a few go-tos that I read posts from, but would love to expand to podcasts, short or long form videos, etc. – any suggestions or recommendations?
  • Try new things! Collaborate with new people, companies, business models, frameworks & ways of working to see what works – want to join? Message me about the best way for us to work together & solve problems for you!

What’d I miss? What are your predictions for 2026? Any resolutions you want to add? I’d love to hear from you!

Have a safe and happy holiday season filled with relaxation and spending time doing things that make you feel great 🎉!


Discover more from GRC, Simply