Third‑ and nth‑party compromise tops 2026 Cyber Risk Horizon

POSTED BY ORX | 09 MARCH 2026

false

3:25

Our Cyber Horizon 2026 report shows that third- and nth-party compromise remains the leading cyber threat this year across both the short-term (6–12 months) and long-term (12–36 months) horizons. In fact, a significant 95% of firms listed this in their top five concerns over the next 6-12 months, which we attribute to growing supplier ecosystems and weak controls across vendors.

Figure 1: Normalised Borda scores based on participants’ rankings of the emerging cyber threats. This chart only reflects the top 5, to see the full chart, please see the full report.

This is our second Cyber Horizon survey, which will now be released annually following positive feedback from the ORX Cyber community. It complements the wider Operational Risk Horizon report, released earlier this month, and is based on responses from 22 global organisations to questions around threat priorities, interconnectedness of threats, likelihood of materialisation, and expected exposure changes.

AI continues to disrupt the emerging risk landscape in 2026. Concerns about AI risks are rising, with Attack on AI models moving from 11th to 4th in long-term risk rankings. Most respondents expect threats like attacks on AI models and AI-related fraud, including deepfakes, to grow over the next 12-36 months. Ransomware attacks and Cloud service provider compromise also remain top concerns in both short and long-term horizons.

horizon chart

Figure 2: Comparison of the percentage of organisations selecting a given emerging cyber threat in their top five, over both the short-term (6-12 months) and long-term (12-36 months) in the 2025 and 2026 studies. To see the full chart, please see the full report.

For the first time, Quantum computing was added to the list of cyber threats, earning its spot among the industry’s top concerns. While it may seem distant in the short-term, it is in 8th place for long-term risks. This high ranking indicates that firms are acutely aware of its potential to disrupt the risk landscape, highlighting a similar level of fear around sudden technological leaps akin to generative AI.

This addition reflects the broader sentiment captured throughout the 2026 Cyber Risk Horizon Report, where the rapid evolution of technology and its associated risks are increasingly at the forefront of industry discussions. As firms grapple with the complexities of supply chain compromises, Ransomware, and Attacks on AI models, the emergence of Quantum computing as a recognised threat underscores the necessity for proactive planning.

Nikki Truss-West, Senior Research Manager, ORX Cyber, comments:

“The 2026 Cyber Horizon Report reveals that the perceived threats of supply chain compromise remain high. While considerable attention is focused on this and other immediate threats, it is important that firms balance their efforts with planning for medium and longer-term threats such as AI and quantum computing.”

In the Cyber Horizon report’s conclusion, we encourage firms to look beyond individual threats to ensure interconnectedness is central to risk management discussions.

Truss-West concludes,

“Cyber risk experts must develop clear views of risk interconnectivity, to ‘connect the dots’ before potential threats converge into something more severe.”

To help firms navigate, in H1 2026, ORX will host a series of discussions on AI with the Cyber working group, initially focusing on two key cyber areas of focus; defending against AI-enabled threats, and how to manage third-party usage of AI and embedded AI tools.

ORX Cyber subscribers can read the full ORX Cyber Horizon 2026 report here: