Will 2026 be another challenging year for technology?

As we transition into a new year, the thoughts of small and medium-sized businesses (SMBs) now turn to planning for 2026 and beyond, with leaders looking to identify the tech problems on the horizon as much as the opportunities they can take advantage of.

Throughout 2025, businesses were plagued by many issues, from some very public and successful hacking attacks to struggles over how to integrate AI into their operations.

Looking ahead, experts suggest both will continue to cause trouble alongside other new or re-emerging potential pitfalls.

To counter this, SMBs must start to take simple-to-solve vulnerabilities more seriously, according to Simon Hodgkinson, a former CISO at multinational energy giant BP.

Hodgkinson is currently a strategic advisor to threat prevention firm Semperis, and he also regularly delivers talks in schools to raise cybersecurity awareness. His experience leads him to point to a simple but growing risk area that he perceives is becoming a major threat… the lack of multi-factor authentication (MFA) among SMBs.

“The vast majority are leaving themselves wide open to the most basic forms of attack,” he explains.

“Yes, MFA has been compromised, but only by extremely sophisticated forms of attack; the reality is it will protect you from 90% of drive-by attacks. We really need to lift the bar and create a baseline of resilience so SMBs don’t get left behind.”

He advises that greater resilience is important, and it must be built into operations during 2026 to deny such attempts because “these organizations are having to protect critical data assets and intellectual property with a much smaller budget and fewer security professionals”.

“The application of controls can significantly reduce risk and, in the long run, the costs of containment,” he warns.

New threats from AI use

Problems with growing levels of artificial intelligence (AI) being used internally have been well-documented, from the cybersecurity risks it throws up to the poor advice it might give, thanks to AI hallucinations or the bad data it is fed initially.

But Phil Coxon, managing director at Breathe HR, points to an even more underestimated and under-the-radar AI issue he feels will be problematic in 2026. This, he says, highlights how technology is increasingly being used to find and raise grievances with bosses – and it’s this controversial role for AI that could spark rising troubles.

“Employment tribunal cases are on the rise, with lawyers noting signs of AI use by claimants. ChatGPT will no doubt serve up more grievances next year as workers look to assert new rights coming into effect as part of the hotly anticipated Employment Rights Bill. But dealing with inaccurate or inflated claims could drain resources that SMBs are unable to spare,” he says.

“Employers must be able to easily find and cite relevant policies and employee data if they do find themselves faced with tribunal cases. Centralized systems can securely store this information in one place and quickly generate insights needed for this very purpose.”

Changes in global regulations

When it comes to leadership and resilience, former England Rugby Captain Martin Corry knows a thing or two about facing down the biggest challenges. Now in post as Northern Europe and UK country lead at Docusign, Corry cites a continued push among some governments worldwide to implement plans for digital business identity systems as a challenge to watch for in 2026.

“Businesses risk being left behind if they don’t integrate seamlessly with new ID frameworks or if they mishandle sensitive customer data. Our research found 69% of organisations say identity fraud attempts are increasing, costing businesses an average of $7m annually,” he says.

Corry adds: “The solution is to view identity management not as back-office admin, but as a strategic capability. SMBs that adopt government-approved digital verification tools are better positioned to save costs, stay compliant, and deliver the secure, user-friendly experiences customers expect. It’s about building trust and resilience at the very core of the business.”

But it’s not just digital ID that is causing governments around the globe to re-evaluate how they regulate next year. Currently, the landscape is very fragmented, especially around AI. In 2026, though, countries like Japan and South Korea, as well as the EU, are bringing in regulations that focus on AI.

Chris Weston, senior technology consultant at NashTech, suggests that such governance when adopting AI tools must now be at the top of leaders’ minds.

“The temptation is to roll out assistants or coding tools quickly to boost productivity,” he explains.

“But without clear oversight, they risk compliance breaches, data leakage, and reputational damage. With regulators themselves beginning to use AI to scrutinize businesses, the spotlight will intensify.”

Governance should be a first step rather than an afterthought, Weston argues, as this will ensure systems are “auditable, secure, and explainable” before SMBs are ready to scale. “That way they can unlock the benefits of AI without creating risks they can’t afford to manage,” he adds.

Preventing costly payouts

Such thoughts around unmanageable risks that might leave SMBs open to paying out the sort of financial compensation they can least afford are high on experts’ lists of considerations for 2026. This will only intensify, especially as regulation increases in the digital environment.

James Tumbridge, data protection partner at Keystone Law, says: “You need to understand your risk. What is your cybersecurity setup? What insurance do you have in place? Who is my advisor on this? The third might be a combination of lawyer, IT specialist, and insurance broker, but fundamentally, your business needs to understand risks and justify its decisions.

“In today’s world, you need to think about your system security and your insurance cover, or the lesson can be very painful. In doing so, can you justify the setup with legal advice? If not, you might have a regulatory headache too.”

Another aspect that may cost SMBs money in 2026 is not preparing well enough or hard enough for outages or disruptions, whatever the cause. Two-thirds [of businesses] expect to suffer one or the other in the next 12 months, according to research by software testing company Tricentis. It questioned 2,750 people from 10 countries, of which 2,150 were from SMBs, including CEOs, CIOs, CTOs, and DevOps leaders.

One way to beat that predicament, some suggest, could be to invest further into digital tools so more tasks are automated. This then frees up the time for small or lean SMB IT teams, meaning they can then focus more on finding and preventing errors in operations that can lead to outages.

The wealth of digital tools now out there – which will only soar in number further in 2026 – is in itself a challenge to be managed by SMBs, according to Stuart Miller, director of public policy and technology research at Xero.

“Many feel overwhelmed by choices and unsure of where to start, uncertainty that is likely to be compounded as powerful generative AI and agentic capabilities become more widely available,” he warns.

“The trick is to start with problems you want to solve and look for technology that is cost-effective, easy to use, and streamlines processes.”

Being honest about what’s possible

Planning for 2026 should involve transparency as much as possible, say many experts, who see honesty among SMBs as a powerful tool to drive productivity and profit. In doing so, SMBs must not forget the impact greater levels of digitization always have on employees, warns Ben Strawson, CTO at Future Platforms.

Strawson has worked with companies including Audi, Domino's Pizza, and EE in the past and advises that SMBs must ensure their employees are kept up-to-date on what is happening across the business – and crucially, why it is happening.

This is especially true for the introduction of AI, he insists, to prevent challenges arising from colleagues who fear being replaced by the technology. His view is to keep information flowing about how and where AI is being used, as well as providing training and upskilling where possible, so employees are educated enough to provide their own input.

Involving employees early in AI initiatives so they do not feel left out, overlooked, or that it has been foisted on them is also key. This should go alongside training them on the limitations of AI as much as the benefits, so it’s used in the right places for the right reasons.

“Many companies are looking to AI to reduce their employee headcount, although others see AI as a way to improve the roles of their current employees,” Strawson explains.

“As with any business transformation, employees finding out about AI projects informally will inevitably lead to increased friction, which may be unnecessary.”