Trustco’s Big Tech Predictions for 2026 

Quick summary 

• Discover which areas Trustco predict big changes to in 2026. 
• How AI-driven cost pressure moves from the balance sheet to your budget. 
• Why AI might hit a physical, rather than a technical, ceiling.  
• Cyber security strategies shift from pure prevention to resilience and recovery. 
• What the UK Cyber Security and Resilience Bill might mean for you. 
• Wildcards to watch: Some black-swan events that probably won’t happen but might change the world if they do. 

Welcome to Trustco’s big tech predictions. We’ve dusted off the crystal ball, crunched the predictive numbers and produced a shortlist of some of the most important tech changes that we think will be big news in 2026. 

Let’s begin… 

Artificial Intelligence 

AI Inflation Starts to Bite 

For the last two years a significant number of AI platforms – especially LLMs – have been subsidised by cheap, short-term finance for long-term goals. In 2026 the AI bill might arrive.  

Now, power is more expensive, specialist chips remain scarce and the cost of training models grows exponentially as time passes. Cloud providers have raised prices on GPU instances and enterprise software is bundling AI assistants in ways that nudge up per user cost – whether users want or use the features doesn’t seem to matter. 

But don’t take our word for it. Reuters reports AI-driven inflation is an underappreciated 2026 risk, fuelled by data centre build costs that push up energy and chip prices. 

We should also be honest about the market mood. Jeff Bezos has described the current wave as an industrial bubble that could burst, and while he believes that what is left behind will be hugely beneficial for society – where does that leave the ones that don’t make it?  

With so many players in the game and the AI prize being so lucrative, no one admits defeat, no one blinks and eventually the house of cards must come tumbling down. How large the bubble is seems impossible to calculate. 

Physical limits start to set the pace for AI 

Not only do we predict AI will get more expensive, but we also believe the pace of change is being throttled as the AI world hits real-world limits. 

Think of the practicalities of AI infrastructure: Grid connections take years because power plants don’t pop up overnight. Data centres require suitable land with water, power, fibre, security, logistics, labour and planning approval – with some countries being more streamlined than others. Experts are required to make this all come together, and anyone with skills in the field are hot property right now. 

JLL’s 2026 Data Centre Outlook notes multiyear waits for grid connections and that power is now the primary site selection factor, with construction costs still climbing. Memory market pressure is another drag as suppliers prioritise high-bandwidth memory for AI, squeezing other segments and keeping costs elevated. 

The squeeze is not confined to AI. The same demand is pulling high-bandwidth memory and server-grade DDR5 into data centres at scale. Analysts now expect data centres to consume around seventy percent of global memory supply in 2026, which leaves less for everything else.  

When the largest buyers bid for scarce supplies, prices ripple through mid-market arrays and even basic PC upgrades – that hits mid enterprise and end users. Extra competition for chips shows up as higher unit costs and longer lead times far beyond AI alone. 

So, should you be cautious of AI investment? Absolutely not. In our opinion, you should invest in AI where a clear business outcome or additional value can be highlighted and measured. Avoid the hype and seek wise advice. 

Cyber security 

Resilience beats promise of prevention 

We all have a cyber security problem. The rate of cyber-attacks is growing, with major organisations being held to ransom, and this has become a daily headline event. We all must admit the fact that no one can guarantee zero incidents.  

So, what do we do in 2026? We predict the focus will shift towards detection, containment and recovery – in tandem with attempts to keep attackers out as much as possible. 

That means having disaster recovery plans that are rehearsed and not theoretical, lightning-fast restoration pathways and proof that backups are immutable and isolated. It means restoring whole services on a schedule, not just files. It means business leaders in the room during exercises so that ransom decisions and communication plans are not invented on the day. 

Insurers are leaning in as well. With overall risk and exposure still climbing, many insurers are expanding services beyond simple cover. We are seeing joint tabletop exercises that include the insurer, legal counsel and the customer’s technical leads. We are hearing more about legal run-throughs that practise mock breaches and timelines. More customers are putting time and budget into incident response retainers and readiness work, not only managed detection and response or a SOC. 

The cyber security shift needs to be both cultural and technical. Many attackers get a foothold via sloppy mistakes made by first-line employees, incomplete security procedures or top-level execs refusing to follow correct guidance because it inconveniences them. 

In the cyber war, all employees must be foot soldiers. With education, detection, remediation and ‘What if?’ backup plans being communicated across organisations – this will become more important as we move into a future with increased cyber risk. 

AI lifts both attackers and opportunists 

Attackers are already using AI to select targets, write convincing phishing emails, send automated communications, build profiles and probe at insecure attack surfaces. This will make already capable groups faster and enable lower-skilled actors to become more reckless and dangerous.  

We expect to see incidents caused by enterprise AI agents that were given broad permissions and poor guardrails. As AI agents become more widely used, their inherent security flaws will be exploited. And with the AI gold rush continuing at pace, AI companies will push out automated browsers and agents without fully testing the security protocols – a recipe for disaster. 

The UK’s National Cyber Security Centre has warned that AI is already lowering the barrier to entry for cyber-crime and accelerating capable actors through 2027. Recent industry interviews point to enterprise AI agents as a rising insider risk if access is not tightly governed. 

Practical steps to protect yourself are nothing new: strong authentication, well-reviewed privileges and locking down unnecessary access; logging and policy around what agents can do, with review of their actions; and managed detection and response that uses AI for triage but keeps experienced analysts in the loop when it matters.  

The UK Cyber Security and Resilience Bill brings new duties 

This one is more of a solid fact than a prediction. 

The UK’s Cyber Security and Resilience Bill aims to improve the cyber security posture of essential UK infrastructure. The Bill widens the scope beyond traditional public sector organisations to include suppliers, managed service providers, data centre owners and more.  

The bill will tighten incident reporting timelines and strengthen regulator powers. Expect quicker initial notifications, deeper accountability and more scrutiny of supplier risk. The short-term effect will be some administrative pain. The long-term effect should be a more resilient digital economy with clearer lines of responsibility. 

The latest factsheets and Bill text are on GOV.UK for teams that need the specifics. 

What we expect to see is an even larger investment in Governance, Risk and Compliance for enterprises of all sizes. This will go beyond internal structures and will focus on external suppliers – assessing the risk of third parties – and ensuring they not only talk the talk, but walk the legislative walk. 

If you operate in the UK, start mapping which parts of your organisation and supply chain are affected by the bill. Think beyond your own organisation and towards suppliers, partners and contracts that could interact with your cyber security positioning. Ensure your suppliers are low risk, secure, stable and accountable should something go wrong. 

The Trustco blueprint for handling supplier risk management: 

• With decades of experience in the market, Trustco reduces supplier risk. 
• We’re a UK-based technology supplier with clear accountability and escalation pathways. 
• We’re a partner used to operating under public sector frameworks, audits and compliance regimes. 
• Trustco is comfortable with evidence-led assurance, not vague security claims 
• We take ownership of vendor selection, assurance and lifecycle management. 
• Trustco provides clarity on who is responsible for what, when, and under which contract terms. 

⸻ 

Some wildcard predictions 

Our wildcards are low-probability events in the near term that carry very high impact if they land – sometimes known as ‘black swan events’. We are not predicting that these will occur in 2026, but we’ve included them because the consequences would be significant and having awareness is the first step in preparing for any event. 

A practical quantum leap 

A significant breakthrough in quantum computing, specifically the creation of a Cryptographically Relevant Quantum Computer (CRQC), would represent a ‘double-edged sword’. While it could solve humanity’s most complex problems in a short space of time, it would simultaneously dismantle the digital trust that underpins our global economy – by cracking the encryption technology that our world depends on for stability.  

Are we at risk of that in 2026? Frankly, probably not. However, IBM is well placed in quantum, and it predicts that 2026 will see a ‘Quantum Advantage’ take place. This means that instead of quantum computing being a science experiment, it becomes an applicable tool that could be used for incredible leaps in what computers are able to do – for those willing to pay. 

AI model access becomes regulated 

We do not expect a full licensing regime for AI models to arrive overnight, but the direction of travel in Europe is clear.  

The EU’s AI Act sets risk-based duties and creates an AI Office to oversee enforcement. While it’s still a few steps from that to formal assurance schemes, we predict that someday quite soon high-impact models in critical sectors will be regulated, and when the EU does something, the UK often follows quickly alongside.  

With data sovereignty back on the agenda, buyers in regulated industries may need to ask for proof that a model and its supply chain meet local rules, not just a vendor promise. That pressure will push more teams toward on-premises and private LLM deployments where data does not leave their boundary.  

Expect pilots that may move from experiments to production in 2026 in sectors that handle sensitive information.  

Identity outage eclipses ransomware as the most disruptive event 

Traditional ransomware will not vanish, but identity now becomes the prized target. Single sign-ons, Microsoft 365, cloud consoles, zero trust access, third-party SaaS, even developer integrations – they all provide huge levels of access to a wide variety of online systems, and most of us use them.  

A major identity platform failure or compromise would take down access at scale and stall operations in minutes. Attackers know this and are shifting effort to tokens, session cookies and machine identities, not just single endpoints.  

The response is to treat identity resilience like backup and disaster recovery. Keep break glass accounts truly offline. Test fallback identity paths in regular DR exercises. Know how you will keep the lights on if your primary identity provider is unavailable.  

Could this happen? Well, current industry commentary points to identity as the centre of gravity for 2026 risk – so the likelihood isn’t zero. 

⸻ 

Tech support for changing times. 

Combating these trends takes a partner who stays current and brings real engineering depth – that is where Trustco comes in. 

• Trustco designs and supports identity management, so access stays tight as AI agents and services multiply.  
• Our security operations combine AI-enabled managed detection and response with experienced analysts, with incident response on standby when you need it.  
• We integrate SIEM and SOAR with AI workflows, so alerts turn into action. 
• We help you put sensible guardrails around agent automation. 
• We design Zero Trust architectures and modern recovery with the right mix of tools, including Zerto where it is the best fit.  
• We build layered, immutable backups with hot and cold recovery options, and we prove them with regular restores.