ITL: Five Cyber Threats Every Company Leader Must Consider in 2026

January 19, 2026

ITL together with its members, highlights five key cyber threats that will increasingly shape the responsibilities of company leaders in 2026 and beyond, directly affecting business sustainability.

Cybersecurity concerns all sectors and requires informed decision-making at board and supervisory board level.

“Cyber threats are closely linked to the rapid development of technology. Technology itself is not harmful – on the contrary, it creates new opportunities for the economy and society. Unfortunately, the same tools are increasingly being used by criminals as well,” explained Lauri Almann, Member of the Management Board of ITL and Chairman of the Supervisory Board of CybExer Technologies OÜ. “That is why technical protection alone is no longer sufficient. What matters most is management’s ability to make decisions, clearly define roles and responsibilities, and act decisively in crisis situations. In the event of a cyber incident, technical response alone is not enough – leaders must decide how and when to communicate with customers and the public, when to report the incident, where management responsibility lies, and how to ensure the continuity of business-critical data.”

According to Almann, ITL members are not merely technology developers and service providers, but also managers of the functioning and security of the Estonia’s digital environment, bearing responsibility not only for their own organisations and customers, but for society as a whole.

Top5 küberohtu

To identify the most critical cyber threats, executives from ITL member companies met with leading experts, including Kalev Pihl (SK ID Solutions), Toomas Vaks (Swedbank), Andre Visse (Telia Eesti), Vahur Verte (Office of the Prosecutor General), and Veikko Raasuke (CERT-EE). The discussions focused on realistic cyber incident scenarios and the practical decisions executives must make under pressure, resulting in the identification of the most significant risks no company leader should overlook.

Speaking as an expert representing the telecommunications sector, Andre Visse, Member of the ITL Board and CEO of Telia Eesti AS, emphasised that cybersecurity is no longer merely an IT issue or a technical problem. “The functioning of cyberspace has become an integral part of the economy, critical infrastructure and everyday life. Therefore, responsibility for cybersecurity cannot rest solely with the IT manager or information security specialist,” said Visse.

Top5 küberohtu

“I recommend that companies treat cybersecurity as an ongoing management process rather than a one-off project. This means creating and regularly exercising crisis plans, investing in data backups and secure authentication, increasing employee awareness and skills, and working with trusted technology partners.”
“As ITL members, we feel a heightened responsibility for the cybersecurity of society and the trustworthiness of our digital ecosystem. That is why cybersecurity will remain one of Telia’s key focus areas in a rapidly evolving threat landscape. At the same time, we encourage all other sectors to raise awareness as well – cybersecurity is a shared responsibility,” Visse added.

Top5 küberohtu

ITL’s Top 5 Cyber Threats for 2026

AI as an Attack Tool and AI-Driven Phishing
Artificial intelligence enables attackers to create highly convincing and targeted fraudulent messages and calls. Forecasts suggest that by 2027, AI will be involved in nearly 17% of cyberattacks. At the same time, AI is also a critical defensive tool – the key question is which side adapts faster.

Phishing and Scam Calls
Fraud remains one of the most damaging forms of cybercrime. Last year alone, Estonians lost nearly €29 million to scammers, with banking fraud and business email compromise accounting for the largest share. The impact goes beyond financial loss, affecting reputation and trust.

Data and Identity Breaches
The volume and value of data continue to grow rapidly. In Estonia alone, millions of passwords have been leaked in recent years. Data breaches may result from weak passwords, phishing attacks or supply chain compromises, directly affecting business continuity and responsibility towards customers.

Supply Chain Attacks
Attackers deliberately target the weakest link. Increasingly, access to company systems is gained through partners or service providers. Supply chain security is therefore a board-level risk, making the careful selection of trusted partners more important than ever.

Ransomware
Ransomware attacks remain among the most widespread and costly cyber incidents in Europe. They have evolved into a business model, with attacks offered “as a service”, and can result in the complete disruption of business operations.

Estonian Association of Information Technology and Telecommunications, 19th of January 2026

Photos: Priit Jõesaar. The event was organized by CyberHub project supported by European Union.

Grete Soares de CamargoCyberHubs project manager+372 5800 9836

Privacy Overview
ITL

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.