Ella Broadbent, Senior PR Consultant at Petal & Co
This week, I attended Recorded Future’s Predict Europe event, which brought together some of the world’s leading cybersecurity minds – from intelligence analysts to CISOs. The event provided a deep dive into how elite teams are using intelligence, often AI-driven, to stay ahead of threats and shift from reactive responses to real-time defence.
Recorded Future, the world’s largest threat intelligence company, was acquired by Mastercard in 2024. Hearing directly from its experts and partners offered a clear picture of the state of global cybersecurity in 2025. After attending sessions with founders, partner deep dives, and CEO Colin Mahony’s 1-2-1 interviews with journalists, here are my key takeaways.
The biggest threats of 2025, and predictions for 2026
2026 will be the year of supply chain attacks
The economic fallout from the Jaguar Land Rover cyber attack – the costliest in UK history – demonstrates how a single breach can send terrible ripples across entire ecosystems. Beyond the immediate impact on the company and its suppliers, employees lose jobs, families are affected, and local businesses suffer.
Speakers emphasised the importance of full visibility across every potential point of vulnerability, including third- and fourth-party suppliers. Around 30% of breaches now originate from third-party vendors. Threats are moving deeper into supply chains, with risk exposure changing daily due to software vulnerabilities, cloud misconfigurations, and geopolitical events.
An intelligence-driven approach to third-party risk management is now essential for organisations seeking to detect and mitigate immediate threats across their networks.
Ransomware goes mid market
While headlines often focus on large-scale breaches of household names, experts at Predict noted that ransomware gangs are increasingly targeting mid-sized businesses.
Lower costs, the rise of ransomware-as-a-service, and the commoditisation of infiltration tools have made attacks accessible to a wider range of actors, from opportunistic individuals to disgruntled employees. Colin Mahony, CEO at Recorded Future, noted that ‘attackers are no longer coming from some far away place – they could be someone down your street or in your city’. The result is a higher volume of attacks, often seeking smaller payouts.
Mid-market businesses are particularly exposed. They handle substantial financial transactions but often lack the dedicated cyber teams and resources of larger enterprises. Recorded Future experts stressed that focusing on fundamental cybersecurity practices – strong password management, multi-factor authentication, and clear incident response plans – can make a meaningful difference.
The evolution of geopolitical and nation state attacks
Nation-state attacks, such as the RedMike cyber espionage campaign, are nothing new, but their tactics are shifting. Attackers are increasingly pursuing financial gain alongside state secrets, funding broader state campaigns. With geopolitical turbulence rising, these attacks are becoming a growing concern in the security realm.
Conflicts are evolving into hybrid wars, blending traditional military operations with cyber tactics. Attribution is harder than ever, as state-backed groups increasingly use the same off-the-shelf ransomware tools as ordinary criminals.
A key emerging tactic is the use of synthetic identities – fabricated personas created to secure remote roles, often in IT teams, to infiltrate systems and extract data or funds. Once embedded, they can be extremely difficult to detect or remove. Experts recommend rigorous verification for remote hires and continuous monitoring of user activity to mitigate this risk.
Step into the future – autonomous intelligence
The central highlight of Predict Europe was Recorded Future’s announcement of its game changing Autonomous Threat Operations. This approach transforms threat intelligence from static insights into automated, continuous defensive actions across the security ecosystem.
As CEO Colin Mahony explained: “The future of intelligence is not just about seeing more threats. There’s always going to be more threats. It’s about stopping them. Automatically. Every. Single. Time.”
The system automates detection, correlation, and response, enabling security teams to keep pace with AI-driven attacks. Importantly, humans remain ‘in the loop’, collaborating with AI agents rather than being replaced by them, to ensure decision-making and oversight remain strong.
A ray of sunshine in the storm
While cyber attacks remain relentless, there is reason for optimism. Just imagine the huge number of attacks that never made the headlines because they were stopped by security teams before they ever caused any damage.
The cybersecurity community is increasingly collaborating with governments and partners to share intelligence and strengthen global defence. Defenders are becoming more adept at reverse-engineering attacker tactics, staying ahead of threats through skill, technology, and collaboration.
In Colin Mahony’s words: “I’m much more optimistic about the state of cybersecurity now than I was a year ago – and I’m confident I’ll feel even more positive a year from now.”
Intelligence remains the key driver for effective cybersecurity – informing decisions, shaping responses, and protecting everything from critical infrastructure to global enterprises. The threat landscape will continue to evolve, but defenders are evolving too, becoming smarter, faster, and better equipped to respond.
