December 24, 2025 4 Minute Read

With only a few days remaining in 2025, we sat down with Sundhar Annamalai, Chief Strategy Officer, LevelBlue, to discuss some of the major inflection points facing the cybersecurity industry in the coming year

1. What major geopolitical or macroeconomic forces do you believe will most shape the cybersecurity landscape in 2026?

Sundhar Annamalai: Without speculating on what geopolitical events may transpire over the coming months and years, we expect to see continued growth in state-sponsored cyber threats across all regions.

All organizations are potential targets, but most significantly, government entities and critical infrastructure. In the face of continued cyber threats, these industries have an imperative to harden their defenses and develop resiliency in the event of a breach.

The ability to understand and meet the needs of these organizations from an operational (e.g., data sovereignty) and economic perspective presents a real opportunity for cybersecurity providers.

On the macroeconomic front, we are operating in an environment of persistent uncertainty, with concerns of a potential pullback in equity valuations and stubborn inflation driving caution in decision-making.

These conditions ultimately force organizations to operate on tight budgets with a hesitancy toward making meaningful investments. Pairing these resource constraints with an ever-expanding attack surface and increasingly sophisticated, AI-driven cyber threats present a serious challenge for organizations and results in significant risk exposure.

At the same time, this economic reality presents an opportunity for organizations to seek cybersecurity providers who can:

• Operate as a partner more efficiently and at scale than an organization can individually
• Bring innovation and forward-thinking to everyday service delivery
• Demonstrate the value of their services and deliver tangible outcomes that support clients’ business objectives.

2. As AI tools become more accessible to defenders and attackers, how do you foresee the cybersecurity market adapting to this accelerating arms race?

Sundhar Annamalai: The cyber threat landscape is continuously evolving. AI represents the next phase in that evolution and the most challenging to address. We expect to see the threat volume continue to accelerate, paired with increased sophistication in the form of more believable social engineering, deepfakes, and the like.

But with that challenge comes the promise of AI-driven security measures to protect against evolving attacks. Protecting organizations with a human-led approach will become near-impossible given the scale of threats they will encounter, driving the imperative to integrate AI into and ultimately take the lead in detection and response.

In the near term, organizations face a trade-off on decisions surrounding their willingness to allow AI agents to have remediation and/or enforcement controls versus human-centered actions to review AI-provided recommendations before implementation, given potential risk to enterprise resiliency.

However, as this perception of risk is addressed over the longer term, AI-powered cyber platforms will largely be able to assess risk and ‘negotiate’ enforcement with key platforms via approved secured interfaces, mostly eliminating volumes and allowing security teams to focus on critical cyber challenges.

This leaves a critical question for the cyber industry and organizations to answer: How quickly can they accelerate from an AI-enabled to an AI-led cyber defense approach.

This obviously presents a buy vs. build question around the development and integration of AI-led defensive capabilities. AI talent is at a premium across industries, so we expect to see a pivot to the buy approach, with an acceleration in the acquisition of AI technologies and organizations that support the broader cyber defense program.

3. With security vendors consolidating and customers demanding integrated platforms, what will the cybersecurity industry's competitive landscape look like by 2026?

Sundhar Annamalai: We see two dynamics at play simultaneously in the market today: consolidation to scale operations, and development of platform-based security posture.

• Consolidation

The industry appears to be at an inflection point, beginning to mature from its early, highly fragmented point-solution structure and transitioning into a more consolidated set of companies that will become the key players in the market.

This is the natural cycle one would expect from a strategic perspective and comes with a variety of benefits through scaling of operations for those consolidating companies.

• Best in Breed/Legacy

Conversely, many organizations will remain in a multi-vendor environment for key aspects of their security stack for a variety of considerations. Despite the prevalence of consolidation, many companies still have apprehension about putting “all their eggs in the same basket.”

Additionally, organizations have considerations by region, organizational function or legacy deployments deployed as part of a critical security, IT or operational workflow, making consolidation challenging.

• Platform development

There is also an increasing demand from clients to integrate technologies and vendors and simplify cyber operations, driving the adoption of platform postures spanning endpoint, network, identity, cloud, and other aspects of the technology stack.

We are particularly excited about LevelBlue’s market position on both of these developments. 

We believe we are a natural consolidator in the managed services market, as evidenced by our recent acquisition of Trustwave, and we are continuing to grow our position as the world’s largest pureplay MSSP. 

In parallel with that consolidation, we are continuing to expand our capabilities from a security platform perspective, as seen in our recently completed acquisition of Aon’s cybersecurity business and pending acquisition of Cybereason, enabling us to bring best-in-class services across the network, endpoint, and other critical technologies.

4. Where do you expect organizations to focus their cybersecurity budgets in 2026, and what emerging capabilities will see the biggest demand?

Sundhar Annamalai: The role of the CISO continues to become more and more challenging with expanded attack surfaces, increased cyber threat volume and sophistication, and security tool/technology proliferation.

As a result, we expect to see organizations focus their budgets on capabilities that allow them to more efficiently manage their technology stack, protect their environments, and proactively build resilience within their environments.

This will include:

• Consolidation of network security architecture to a SASE-based framework and Zero-Trust Implementations

• Proactive measures such as Threat Hunting, Penetration Testing, etc.

• MXDR

• Integration of IT and OT

Underlying all of this will be increased interest and spending in AI enablement technologies, as discussed above. We expect that space to grow rapidly in 2026 and beyond.

5. How critical will cross-industry collaboration and intelligence sharing become to maintaining collective defense in a more fragmented and volatile cyber environment?

Sundhar Annamalai: We firmly believe that cybersecurity is a team sport, not only between our clients and us, but also among the broader industry and government ecosystem. Cyber threat actors are more capable than ever, and we all have an obligation to work together to protect our businesses and communities against these threats.

There is significant potential for real-time intelligence (e.g., threat intelligence, anonymized telemetry) sharing between security providers, government organizations, and critical infrastructure to identify systemic threats and drive faster, more effective detection and response.

MSSPs like LevelBlue have a key role to play here as the connection point across industries and geographies, and the ability to drive collaboration and transparency across these dimensions can bring significant value to the industry as a whole.