Security Trends 2026: Technology
The security landscape is no longer a collection of cameras and sensors; it is a sophisticated digital ecosystem. As we look toward 2026, the conversation is shifting from what technology can do to how it integrates into the very fabric of enterprise risk and governance.
In the first of our Security Trends 2026 series, we sit down with Steven Kenny, ASIS UK Board Director and Manager of the Architecture & Engineering Programme at Axis Communications. With over two decades of experience navigating the intersection of physical and cyber security, Steven argues that the next two years won't be defined by a single "breakthrough" gadget, but by a long-overdue professional maturity.
From the "misplaced trust" in AI to the rising importance of supply chain transparency, Steven discusses with us why the future of security belongs to those who prioritise design and governance over the latest industry hype.
Fb “When you look ahead to 2026, what do you see as the most significant shift in security technology or systems that organisations will have to contend with?”
SK “For me, the most significant shift is not a specific technology, but how security technology decisions are being made. We are moving away from isolated, device-led thinking towards a much more holistic, ecosystem-first approach. Organisations are increasingly making early decisions about architecture, integration, and long-term support before they ever look at individual components.
This shift is being driven by several forces coming together. Security systems are now deeply connected to IT infrastructure, business operations, and cyber risk management. As a result, physical security can no longer be designed in isolation. It has to align with enterprise architecture, governance models, and regulatory obligations.
Cybersecurity is a major factor here. For most organisations, it is now recognised as the number one business risk, and security technology is being assessed through that lens first. That naturally influences vendor selection, system design, and deployment models.
By 2026, organisations that succeed will be those that treat security technology as part of a broader digital ecosystem. Those that continue to view it as a standalone function are likely to struggle, not because the technology is inadequate, but because it no longer fits how modern organisations operate.”
FB “Which aspects of security technology do you think are currently being misunderstood or oversold?”
SK “Artificial intelligence is probably the clearest example. AI absolutely has a role to play in improving security effectiveness, but it is often presented as a solution in its own right rather than as a tool that still requires context, design, and human oversight.
There is sometimes an assumption that more automation automatically leads to better outcomes. In reality, poorly implemented AI can introduce new risks, from false confidence in outputs to blind spots that are harder to detect. AI does not remove complexity; it often shifts it elsewhere in the system.
Hybrid architectures are another area that can be oversimplified. They are frequently described as a universal answer, when in practice they are a framework for making informed trade-offs. Decisions about where data is processed, stored, and analysed are shaped by regulation, cyber risk, cost, resilience, and operational reality.
Overselling happens when these nuances are ignored. Technology can do remarkable things, but it cannot replace governance, good design, or accountability. By 2026, I think we will see a more mature conversation emerge, where capability is balanced with realism.”
FB “Where are organisations struggling most right now when it comes to managing security technology in real-world environments?”
SK “The biggest challenge is not a lack of technology, but a lack of alignment. Many organisations are dealing with fragmented systems, multiple vendors, and overlapping responsibilities between security, IT, facilities, and compliance teams.
Integration is often treated as a technical exercise, when it is really an organisational one. Without clear ownership and governance, systems become difficult to manage and even harder to evolve. Furthermore, many organisations underestimate lifecycle management. Keeping systems secure and compliant over time requires ongoing updates and investment. By 2026, this gap will become increasingly difficult to ignore.
Regulation adds another layer of complexity, particularly in Europe. Organisations are trying to navigate overlapping requirements around cybersecurity, resilience, and critical infrastructure while still maintaining day-to-day operations. That can slow decision making and create uncertainty, especially when responsibilities are unclear.
Lifecycle management is another pressure point. Keeping systems secure and compliant over time requires ongoing updates, monitoring, and investment. Many organisations underestimate this effort, focusing heavily on deployment but not enough on long-term operation. By 2026, this gap will become increasingly difficult to ignore.”
FB “What risks are emerging as a result of increased automation and system convergence that aren’t yet being addressed?”
SK “One emerging risk is misplaced trust. As systems become more automated, there is a temptation to assume outputs are inherently reliable. However, automated systems can fail in subtle ways when operating outside their design conditions.
System convergence delivers real benefits, but it also expands the potential attack surface. A weakness in one area can have far wider consequences than anticipated. We are also seeing a growing risk around supply chain transparency. Expectations around component integrity and governance are increasing; organisations lacking visibility into their technology stack may find themselves exposed—both operationally and reputationally.
Cybersecurity plays a central role here. As security systems become more connected and software-driven, they inherit the same vulnerabilities and responsibilities as any other digital system. Regulation is starting to reflect this, but operational maturity often lags behind compliance requirements.
There is also a growing risk around supply chain transparency. Expectations around traceability, component integrity, and governance are increasing, and organisations that lack visibility into their technology stack may find themselves exposed, both operationally and reputationally.”
FB “If organisations were more honest about the limits of security technology, what would they approach differently?”
SK “I think they would spend more time on design, governance, and people, and less time chasing the latest capability. Technology works best when it is deployed with a clear understanding of what it can and cannot do.
Being honest about limits would lead to more thoughtful conversations about risk appetite and responsibility. Automation and AI can support decision making, but they do not remove the need for human judgement or accountability. Recognising that upfront changes how systems are specified and managed.
It would also encourage organisations to think more carefully about long-term impact. Security technology decisions increasingly affect cybersecurity posture, regulatory compliance, energy use, and trust. These are board-level concerns, not technical afterthoughts.
By 2026, organisations that acknowledge these limits are likely to build more resilient and credible systems. Those that expect technology alone to solve complex organisational problems may find themselves disappointed.”
FB “Is there anything else important for the 2026 outlook that we haven’t covered?”
SK “One important point is that technology decisions are becoming inseparable from broader corporate responsibility. ESG considerations, supply chain transparency, and regulatory compliance are no longer peripheral issues. They directly influence how security systems are designed, procured, and operated.
There is also a growing awareness around supply chain resilience. I would not suggest that we are heading back to the semiconductor shortages seen in 2021 and 2022, but there are quiet signals being discussed at board level. Costs are rising, demand is increasing, and global supply chains remain complex and exposed. Organisations would be wise to factor this uncertainty into long-term planning rather than assuming stability is guaranteed.
At the same time, compliance requirements continue to deepen rather than disappear. Initiatives around cybersecurity, resilience, and supply chain assurance are becoming more detailed and more demanding. Requirements such as NDAA compliance are evolving beyond simple product checks into broader questions of governance, traceability, and trust.
Ultimately, the outlook for 2026 is not about a single breakthrough technology. It is about maturity. Organisations that take a balanced, honest, and responsible approach to security technology will be far better placed to navigate what comes next.”
