Kasey Cromer, Netlok | January 15, 2026
The uncomfortable truth about workplace security in 2026 is that the biggest threat probably isn’t some hacker halfway around the world. It’s the 1) employee who already has access to your systems, 2) AI tool someone downloaded without telling IT, or 3) remote worker logging in from a coffee shop with sketchy Wi-Fi. This blog explores these converging threats facing organizations in 2026 and why traditional defenses are failing. The facts are:
| Metric | Finding | Source |
| Security leaders saying risk has never been higher | 72% | Vanta 2025 |
| Average annual cost of insider incidents | $17.4 million | Ponemon 2025 |
| Days to detect and contain insider incident | 81 days | Ponemon 2025 |
| Companies reporting AI powered attacks increased | 50% | Vanta 2025 |
| Organizations with formal AI security policies | Only 44% | Vanta 2025 |
| Organizations reporting physical security breaches | Over 60% | Zona Facta 2025 |
Security folks have been warning about “evolving threats” for years. But 2026 really is different. The reason? AI stopped being experimental. Google Cloud’s Cybersecurity Forecast 2026 puts it bluntly: attackers have “fully embraced AI.” They’re not dabbling anymore. They’re using it to craft perfect phishing emails, generating deepfake videos of executives, and cracking passwords faster than we ever thought possible.
According to Vanta’s State of Trust Report, 72% of security leaders now say risk has never been higher. That’s up from 55% just a year ago. These aren’t people prone to panic. They’re professionals watching the threat landscape shift beneath their feet in real time.
What concerns me most? SecurityWeek predicts that deepfakes have gotten “good enough and cheap enough to convincingly impersonate executives.” Think about what that means. When your CFO gets a video call from the CEO asking for an urgent wire transfer, how do they actually know it’s the real CEO on the other end? The visual and audio cues we’ve relied on for decades to verify identity are becoming meaningless.
Remember shadow IT? Back when employees started using Dropbox and Google Docs without permission because the company tools were too clunky? We’re seeing the exact same pattern with AI now, except the stakes are dramatically higher.
IBM is predicting that there will be “major security incidents where sensitive IP is compromised through shadow AI systems” this year. Here’s what’s happening in practice: employees are feeding proprietary data into ChatGPT and other tools without thinking twice. Marketing is using AI to draft customer communications. Engineering is debugging code with AI assistants. Legal is summarizing contracts. And IT often has absolutely no idea any of it is happening. Each of these interactions potentially exposes company secrets data and other system & company information to systems they don’t control.
But it gets even stranger. Palo Alto Networks warns that AI agents themselves are becoming insider threats. These autonomous systems can access privileged data, operate around the clock, and if misconfigured, cause damage at machine speed. We’re not just worried about rogue employees anymore. We’re worried about rogue algorithms that never sleep and can process thousands of transactions before anyone notices something is wrong.
The Ponemon Institute’s latest research delivers some brutal numbers: inside related incidents cost companies an average of $17.4 million per year. It takes an average of 81 days just to detect and contain these threats. That’s nearly three months of damage accumulating before you even realize something is wrong. And the longer it takes, the worse it gets. Incidents that drag past 90 days cost nearly $19 million per company on average.
Here’s a twist that sounds like something from a spy novel: Security Boulevard reports that real human operatives, not bots or AI, are now getting hired as remote employees. They use stolen identities to pass interviews and background checks, then gain completely legitimate access to company systems. North Korean operatives have already pulled this off at multiple Western companies. Your next security breach might come from someone sitting in your own Slack channels, attending your team meetings, and collecting a paycheck while they exfiltrate your data.
DTEX Systems’ 2026 forecast emphasizes something important: insider risk is no longer confined to malicious employees. It now includes unmanaged AI use, machine identities, agentic systems, and coordinated nation state infiltration. The old categories we used to think about insider threats have basically exploded. The boundary between “inside” and “outside” barely means anything when your attack surface includes every AI tool, every remote connection, and every automated system with access to your network.
By now, nearly 70% of the global workforce works remotely at least part of the time. That means your security perimeter now includes every employee’s home network, their local coffee shop, that hotel Wi-Fi they used on vacation while “just checking email real quick,” and every personal device that’s ever connected to company resources.
Vena Solutions found that 42% of organizations got hit by successful phishing attacks where remote workers were targeted in 2025. And here’s the part that should worry every security leader: only 6% of organizations feel confident they’ve actually covered all their security gaps. That’s a whole lot of hope and not much certainty. Most companies are essentially crossing their fingers and hoping their distributed workforce doesn’t accidentally open the door to attackers.
With all the focus on cyber threats, it’s easy to forget that physical security is still a massive concern. Medical Economics reports that healthcare workers are getting attacked at alarming rates. A staggering 91% of emergency physicians reported being threatened or assaulted in the past year. California’s new SB 553 law now requires most employers to have written workplace violence prevention plans, and other states are following with similar legislation.
According to Zona Facta’s analysis, over 60% of all organizations experienced a physical security breach last year, costing mid-sized companies around $450,000 per incident. Yet only 20% have an updated, documented security strategy. That disconnect between the reality of the risk and the preparedness to handle it is a serious problem that needs attention.
Every security incident I’ve described, whether it’s a hacker, a rogue employee, a deepfake scam, or a nation state operative, eventually comes down to one thing: authentication. Someone got access they shouldn’t have. And our current methods are failing badly.
Passwords get phished, guessed, or cracked by AI in seconds. SMS based two factor authentication are vulnerable to SIM swapping attacks that are easier to pull off than most people realize. Even biometrics have serious problems. You can’t exactly change your fingerprints or retina scan if that data gets compromised. Once it’s stolen, it’s stolen forever.
This is exactly why we built Photolok at Netlok. Instead of passwords or static credentials that can be stolen, Photolok uses photos you select with encrypted codes embedded through steganography. The photos are randomize every session, so there’s no pattern for AI to learn or attackers to exploit. And unlike a password, which requires creating and memorizing something new, or a biometric, where you quickly run out of options, you can swap your Photolok photos in seconds. If you think something might be compromised, just pick new photos and you’re secure again immediately.
We also built in a Duress Photo feature that addresses a scenario most security tools completely ignore. If someone forces you to log in, whether that’s a robbery, coercion, or an emergency situation, you select a designated photo that grants access but silently alerts security and/or IT that something is wrong. The system lets you comply with the threat while simultaneously calling for help. It’s the kind of feature you hope you never need, but you’ll be grateful it exists if you ever do.
In an era where AI, insiders, and remote work all converge on authentication as the weakest link, Photolok gives you a modern control point that attackers can’t easily mimic, phish, or reuse. It’s authentication built for the threats of 2026, not the threats of earlier times.
Here’s what keeps me up at night: being able to catch an insider threat early versus late the impact can be enormous. Ponemon found that incidents resolved within 31 days cost around $10.6 million on average. Let them drag past 90 days and you’re looking at nearly $19 million. That’s not a rounding error. The $10 million loss may well end your career as well.
BlackFog reports that 77% of corporate boards have now discussed the material and financial implications of cybersecurity incidents. That’s up 25 percentage points since 2022. Security failures aren’t just IT problems buried in some technical report anymore. They’re board level governance issues that can tank stock prices and destroy reputations overnight.
Forrester is predicting that 2026 will see agentic AI cause a major public breach. When that happens, and it’s a matter of when not if, every executive is going to be asking their security team if they are prepared and if not, why not.. The organizations that took action early will have answers. The ones that waited will be scrambling to explain why they ignored all the warning signs.
If you’re responsible for security at your organization, here’s where to focus:
The workplace security landscape in 2026 is messy, complicated, and honestly frightening. AI is supercharging attacks in ways we’re only beginning to understand. Insiders, both human and algorithmic, pose risks that traditional security tools weren’t designed to handle. And the permanent shift to hybrid work has expanded what you need to protect far beyond any physical office.
But here’s what I keep telling people: the organizations that act now, rather than waiting for a breach to force their hand, will be the ones that come out ahead. The question isn’t whether you’ll face these threats. It’s whether you’ll be ready when they arrive.
Want to see how Photolok can help protect your organization?
Request Your Personalized Demo
Kasey Cromer is Director of Customer Experience at Netlok.
[1] Google Cloud. “Cybersecurity Forecast 2026.” November 2025. https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2026/
[2] Vanta. “Top 6 AI Security Trends for 2026.” December 2025. https://www.vanta.com/resources/top-ai-security-trends-for-2026
[3] SecurityWeek. “Five Cybersecurity Predictions for 2026.” December 2025. https://www.securityweek.com/five-cybersecurity-predictions-for-2026-identity-ai-and-the-collapse-of-perimeter-thinking/
[4] IBM. “Cybersecurity Trends: Predictions for 2026.” December 2025. https://www.ibm.com/think/news/cybersecurity-trends-predictions-2026
[5] Palo Alto Networks / Harvard Business Review. “6 Cybersecurity Predictions for the AI Economy in 2026.” December 2025. https://hbr.org/sponsored/2025/12/6-cybersecurity-predictions-for-the-ai-economy-in-2026
[6] Ponemon Institute. “2025 Cost of Insider Risks Global Report.” 2025. https://ponemon.dtexsystems.com/
[7] Security Boulevard. “Security Predictions 2026: Insider Risk & Trust.” January 2026. https://securityboulevard.com/2026/01/security-predictions-2026-insider-risk-trust/
[8] DTEX Systems. “2026 Cybersecurity Predictions.” December 2025. https://www.dtexsystems.com/blog/2026-cybersecurity-predictions/
[9] Baarez Technology Solutions. “Cybersecurity for Hybrid Workforces.” April 2025. https://baarez.com/cybersecurity-risks-for-hybrid-workforces-in-2025/
[10] Vena Solutions. “Remote Work Statistics and Trends for 2026.” November 2025. https://www.venasolutions.com/blog/remote-work-statistics
[11] Medical Economics. “Workplace Violence Prevention in 2026.” November 2025. https://www.medicaleconomics.com/view/6-tips-for-strengthening-workplace-violence-prevention-in-2026-and-beyond
[12] Zona Facta. “Reassess Your Workplace Security Strategy Before 2026.” November 2025. https://zonafacta.com/how-to-reassess-your-workplace-security-strategy-before-2026/
[13] Netlok. “How Photolok Works.” 2025. https://netlok.com/how-it-works/
[14] BlackFog. “Enterprise Cybersecurity in 2026.” December 2025. https://www.blackfog.com/enterprise-cybersecurity-2026-strategies-trends/
[15] Forrester. “Predictions 2026: Cybersecurity and Risk.” October 2025. https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/
Workplace Security in 2026: When AI, Insiders, and Remote Work Collide
Kasey Cromer, Netlok | January 15, 2026 Executive Summary The uncomfortable truth about workplace se[...more]
How Insider Threats Bypass Security: Why Traditional Authentication Fails in the AI Era
Kasey Cromer, Netlok | January 5, 2026 Executive Summary Insider threats now cost an average of $17.[...more]
Authentication at a Crossroads: Preparing for the AI-Powered Threat Landscape of 2026 and Beyond
Kasey Cromer, Netlok | December 4, 2025 Series Recap Part 1 (November 14, 2025) took a deeper dive i[...more]
The $40 Billion Crisis: How AI-Powered Fraud Is Overwhelming Enterprise Security Teams
Kasey Cromer, Netlok | November 21, 2025 Executive Summary Global cybercrime is now a $10.5 trillion[...more]
AI Deepfakes: Enterprise Security Crisis Demanding New Authentication
Kasey Cromer, Netlok | November 14, 2025 Executive Summary A single deepfake video call cost a multi[...more]
Your Personal Data Was Just Stolen: Here’s Your 24-Hour Response Plan
Kasey Cromer, Netlok | October 6, 2025 Executive Summary 2025 is setting new records for cyberattack[...more]
Wrench attacks average more than 1 incident per week in 2025
K. Cromer, Netlok 9/8/2025 This analysis builds on Netlok’s ongoing research into wrench attac[...more]
Measuring MFA’s Defensive Muscle in 2025
A.R. Perez, Netlok. 7/8/2025 Multi-factor authentication (MFA) was once hailed as a near-perfect shi[...more]
The Rise of Deepfakes and Synthetic IDs Challenge Biometric Login Solutions
A.R. Perez, Netlok, July 1,2025 Understanding the Threat Landscape The emergence of sophisticated de[...more]
Member – Insider GovTech
FOLLOW US ON SOCIAL MEDIA
©2015-2026 Netlok. All rights reserved.