TelcoNews UK - Telecommunications news for ICT decision-makers
United Kingdom

Guides

#
5g & beyond
#
internet of things
#
software-defined networking
#
space technologies
#
unified communications

Search

Modern data centers wind turbines solar panels ai network uk australia landscape
#
Storage
#
Hyperscale
#
DC

Cyber resilience, AI & energy shape IT strategies for 2026

Fri, 28th Nov 2025
Author image
By Shannon Williams, Journalist

Experts in Australia and the UK predict significant changes in technology adoption and cyber security strategies for 2026, as organisations contend with rising threats, new energy constraints, and a shift towards more complex, AI-driven environments. Senior executives from Pure Storage and Fujitsu expect resilience and data management issues to be at the centre of business and infrastructure decisions next year.

Cyber resilience shifts

Patrick Smith, Field CTO EMEA at Pure Storage, said: "The number of high profile attacks has been staggering in the last year. Not only in volume, but the extent to which they have crippled major manufacturers and businesses. The historical approach - that of considering cyber resilience as a stand-alone issue, where one vendor can protect an entire company - will be put to bed. Organisations will move away from using point solutions and embrace the wider ecosystem of options as understanding grows that they can't go it alone. An interconnected framework can help prevent a ripple effect when an attack happens - users should be able to identify and halt an attack in progress. The rate and scale of attacks will continue and having a properly integrated framework is vital to mitigate risk and speed up recovery."

Energy constraints

Smith outlined the growing impact of energy availability on new data centre projects in the UK. "While efforts to reduce energy use have fallen down the political and business agenda in recent months, it remains a priority for some. I see three big trends: Energy availability will be a key criteria when it comes to building new data centres and electricity scarcity will hold back construction. Data centre architecture and location will be now primarily based on access to energy. I expect the colocation of energy generation and data centres to avoid dependencies on an underprovisioned grid. District heating solutions (distributing the waste heat produced by data centres in other places) will start to be more prevalent. Providers will start doing something with the heat produced, be it diverting it to residential properties or greenhouses for agriculture. However, until it's mandated by regulation, it won't be taken seriously and governments need to consider this. Another industry standard which should be updated is the way data storage efficiency is measured. Terabytes per Watt (TBe/W) measures the amount of data stored per unit of energy and should be introduced. This is a relevant and clear measurement that captures real-world energy use, and is a simple, vendor neutral, and accurate benchmark. This approach could reduce the impact of increases in energy prices, enhance energy security, and relieve pressure on overstretched infrastructure," said Smith.

AI infrastructure realignment

Fred Lherault, Field CTO EMEA/METCA at Pure Storage, said: "While some organisations are still convincing themselves how essential AI is, most are now realistic about what they do, and crucially, don't deploy. The switch in focus from training to inference means that without a robust inference platform, and the ability to get data ready for AI pipelines, organisations are set to fail. As AI inference workloads are becoming part of the production workflow, organisations are going to have to ensure their infrastructure supports not just fast access but high availability, security and non-disruptive operations. Not doing this will be costly both from a results perspective and an operational perspective in terms of resource (GPUs) utilisation."

"However, most organisations are still struggling with the data readiness challenge. Getting data AI-ready requires going through many phases such as data ingestion, curation, transformation, vectorisation, indexing and serving. Each of these phases can typically take days or weeks and delay the point when the AI project's results can be evaluated. Organisations who care about using AI with their own data will focus on streamlining and automating the whole data pipeline for AI, not just for faster initial results evaluation but also for continuous ingestion of newly created data and iteration," said Lherault.

Cloud repatriation

"The dual issues of AI and data sovereignty are driving concerns about where data is stored, and how organisations can maintain trust and guarantee access in the event of any issues. In order to extract value from AI, it's critical for organisations to know where their most important data is and that it's ready for use. Adding to this are concerns about data sovereignty which are driving more organisations to reconsider their cloud strategy. Rising geopolitical tensions and regulatory pressure will shape nations' data centre strategies in 2026 to combat this. Governments in particular want to minimise the risk that access to data could be used as a threat or negotiating tactic. Organisations should be similarly wary and prepare themselves."

Security integration

Daniel Broad, Head of Managed Security Operations at Fujitsu, said: "The Office of the Australian Information Commissioner, the Australian privacy watchdog, reported over 500 data breaches in the first half of 2025. This trend is accelerated by organisations adopting more SaaS, AI and cloud-native services without full visibility of where their data actually resides. For many companies, this has created a critical blind spot: they no longer have a clear view of where their data truly lives, creating hidden risks to both their business and to national security. By 2026, this gap becomes far more consequential. With stricter enforcement of the Security of Critical Infrastructure (SOCI) Act, regulators won't just ask if you were breached, but how well you managed your data's sovereign risk. This means knowing the exact location, both physical and legal, of all your data, from cloud storage to AI models."

Broad also highlighted the growing danger where digital attacks can impact physical assets. "As we connect everything from hospitals and power grids to ports and logistics, the line between traditional IT and physical operational technology (OT) is blurring. By 2026, this convergence will become one of the defining security challenges across Australia and New Zealand. A compromise targeting hospital systems may no longer simply expose patient data, it could disrupt the equipment that supports critical care. A breach in a port or logistics network could halt cranes, sensors or autonomous vehicles. These physical systems are now vulnerable to the same identity-based attacks and supply chain intrusions used to break into corporate networks. In this environment, public trust hinges on a unified security strategy. This means having a single, real-time view of threats across your entire environment, from the cloud and corporate network right down to the factory controllers and medical devices on the ground. This integration is essential not only for compliance with tightened security legislation but for demonstrating that the organisation can protect both data and the physical safety of the communities it serves. In 2026, IT/OT convergence will be a core expectation of resilient, modern organisations," said Broad.

Internal threats

Broad pointed to issues with lingering digital identities and unsanctioned AI use. "By 2026, organisations will face a new problem: accounts and credentials that belong to people no longer with the company, but which still look and act like insiders. As HR and IT systems become more automated, old identities are easily missed. Accounts from former employees, departed contractors, and dormant service bots will linger in cloud environments and company software. Attackers will exploit these 'digital ghosts' because they appear legitimate, bypass automated offboarding, and blend in with normal system activity. These orphaned accounts will become one of the most effective ways to infiltrate a company, especially in large organisations or those with high contractor turnover. In 2026, cleaning up 'the digital dead' becomes a core security function."

"Shadow AI ecosystems will become one of the most disruptive internal risks for organisations in 2026. Just as shadow IT exploded a decade ago, employees will begin adopting unapproved AI tools, spinning up personal AI agents and quietly connecting them to internal systems, documents and workflows. These tools will feel harmless and highly productive to the individual user, but they will operate entirely outside corporate oversight, governance and security controls. As these AI agents access company information and automate tasks, they will begin running business functions invisibly to IT or security teams. Sensitive data may be stored on unmanaged platforms, decisions may be made through unmonitored pipelines, and core processes may gradually rely on systems no one officially sanctioned. By the time security teams detect them, these shadow AI ecosystems may be deeply embedded in operations, making remediation complex, politically sensitive and potentially disruptive to the business," said Broad.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Aspire Technology valued at GBP £192m in LDC deal
Cyber leaders tip 2026 shift to resilience over prevention
Six UK cyber startups join drive to shield key services
Xona & spotit partner to secure European critical infrastructure
CGI & Freshworks partner to deliver AI service tools in UK

Top stories

Small Cell Forum maps path to interoperable 5G NTN
Satellite, eSIM & loyalty to reshape 2026 telecoms
Most UK parents back plans to cap kids’ social media use
Expereo to manage Kingspan Light, Air + Water network
ControlUp named Gartner Customers’ Choice for DEX