Report: cyber warfare affecting global security environment

A new report from Recorded Future’s

Insikt Group

indicates a more divided and less unified world – something reflected in current events – with growing fragmentation shaping today’s security environment. The “

2026 State of Security: How Global Fragmentation Is Redefining Conflict Across Cyber, Crime, and Influence

” report assesses the geopolitical and cyber threat environment throughout 2025 and provides an outlook for 2026.

According to the report, 2025 experienced more division, with the world’s most powerful countries behaving outside international regulations.

Managed conflicts in global and regional security

Conflicts like Russia-Ukraine and Israel-Iran may be being extended deliberately as countries would rather prolong small-scale conflicts than go to all-out war. For instance, Russia has limited territorial gains maintained by long-range physical strikes and cyber operations against Ukraine and NATO.

Similarly, Israel’s bombing against Iranian nuclear facilities in June 2025 was made to manage long-term threats. Iran retaliated with cyber operations and influence campaigns with an aim of preventing future attacks.

Regional wars are following the same pattern as larger global tensions, with escalation teaming up with cyber warfare. South Asia has witnessed escalations between India and Pakistan, after an attack in Kashmir. To cover all bases, both sides have since implemented cyber espionage and influence operations with military exchanges. In Southeast Asia, Thailand and Cambodia have put peace behind them and renewed hostilities, with digital tools now being used with physical conflict.

The report highlights how US foreign policy details a more forceful and unilateral approach, particularly in the Western Hemisphere. Stronger sanctions enforcement and annexation rhetoric (watch out Greenland), have all strained alliances and created tensions with other countries.

Strategic patience in the cyber domain

In the cyber domain, major state-backed actors prioritise long-term infiltration instead of immediate disruption. China, Russia, and North Korea are working quietly (although not quietly enough for us not to know) to gain access to networks and edge infrastructure in “access-first” models. The goal? To remain undetected and maintain access to gather intelligence over time.

In China, telecommunication networks and perimeter devices have been targeted, demonstrated by the RedMike campaign targeting over 1,000 Cisco devices worldwide. The targets align with China’s industrial priorities, with sectors like semiconductors and manufacturing being strategically and economically crucial.

Russia has combined credential harvesting with access to email and operational technology environments. Groups including SandWorm and BlueDelta concentrated on logistics and critical infrastructure, aiming to stay hidden and provide plausible deniability.

During 2025, Russia increasingly used online common-and-control and scripting, while Iranian efforts were regionally centred, mixing state-affiliated groups with hacktivists. Numerous claims of industrial control system breaches were reported, but often lacked confirmation.

North Korea uses a combination of revenue generation and espionage through cryptocurrency theft and remote IT fraud to fund the regime, without any direct military confrontation.

Spyware and AI advancements lead the way

Commercial spyware has become an important tool in state surveillance. The Pall Mall Code, for instance, imposes standards for spyware use, but these have not yet been adopted. Technical protections, including improved device configurations, have been found to only offer limited safety for users at risk putting no one’s minds at ease.

Meanwhile, cybercrime has been a catalyst for those divisions in 2025. Law enforcement disrupted certain criminal groups, but the ecosystem has adapted to survive. For instance, clever minds working in extortion groups implemented social engineering tactics to bypass security and target major organisations through third-party vulnerabilities.

The ransomware market saw 33% year-on-year increase on variants, despite a decline in reported payments. In Southeast Asia, organised scam operations have been at large, while cryptocurrency issues continue despite stricter regulations.

We couldn’t go on without mentioning AI of course, with advancements affecting both defence and attack methods. AI-powered malware is a particular emerging threat.

Expect continued fragmentation in 2026

Keeping up with the 2020’s trends, ongoing geopolitical tensions and crises are expected and appear to be happening in 2026. The report warns that state-sponsored actors may disrupt connectivity infrastructures, and ransomware may become more modular and commercial.

Elsewhere, AI systems may become primary targets for attacks, while quantum readiness may grow out of its growing phase and be available for adoption. Robotics and space systems have also been identified as emerging cyber-physical domains, but mercifully, there are no mentions of alien threats…yet!

Ultimately, the

report

‘s conclusion is that governments and businesses should prioritise resilience not stability to address a fragmented, somewhat scarred, security landscape.

(Image source: “The art of anti-armor warfare: 3/3 ‘Missile Marines’ prepare for enemy by shooting TOW, Javelin missiles [Image 1 of 7]” by DVIDSHUB is licensed under CC BY 2.0.)

Want to experience the full spectrum of enterprise technology innovation?

Join

TechEx

in Amsterdam, California, and London. Covering AI, Big Data, Cyber Security, IoT, Digital Transformation, Intelligent Automation, Edge Computing, and Data Centres, TechEx brings together global leaders to share real-world use cases and in-depth insights. Click

here

for more information.

TechHQ is powered by

TechForge Media

. Explore other upcoming enterprise technology events and webinars

here

.