Historically, our data has reflected both continuity and change, fluctuating between radical shifts and the steady continuation of known risks. This year offers both—hence our title, "The Risk Remains (Mostly) the Same." When we began analyzing matter data in December 2025, AI’s role in incidents appeared limited. However, as we approached our March 2026 publication date, we clearly passed a tipping point. AI is moving beyond serving as just an “enhancer” for phishing: it now provides more sophisticated social engineering support and automation, and we are seeing the rise of “vibe hacking” and autonomous coordination between agentic AIs. This volatility is further compounded by the current geopolitical climate. Alongside the conflict in Iran, will we see an uptick in disruptive cyber activity—from state-aligned hacktivism to renewed threats against critical infrastructure and global supply chains?
We are likewise navigating a regulatory inflection point. With new AI mandates and privacy laws in the U.S. and EU moving from theory and guidance to active enforcement, the margin for error is disappearing. The risk landscape is dynamic, compounding, and increasingly structural—highlighted by the recent chipset vulnerabilities.
We have navigated emerging risks before, and we know there is no “magic bullet.” As EDR deployment matured and secured endpoints, attackers pivoted to identity-based access, drastically shortening the time from initial compromise to completion. While EDR remains essential, organizations now require additional strategies to address the enterprise risk created by AI with privileged rights to APIs and assets. Our competitive advantage remains our unique perspective. By managing incidents, litigation, and regulatory investigations across entities of all sizes, we provide the data-driven clarity needed to navigate this uncertainty. Whether you are deciding when to notify, choosing between vendors, or prioritizing compliance enhancements, we help you align your response with your specific risk appetite. Ultimately, the fundamentals still matter. Phishing has remained the leading cause of incidents for all 12 years of this report. The organizations that succeed in this landscape are those that execute the basics consistently and effectively. However, with regulators becoming more sophisticated—particularly regarding governance, risk assessments, and data retention—an enterprise-wide approach to risk has never been more critical.
We remain grateful for the strong relationships with our clients and our trusted external partners. I am immensely proud of the BakerHostetler team for the care and expertise that generate this report each year. We hope you find it insightful, use it as a road map, and invite you to reach out to any member of our DADM Practice Group with your questions.