Security-Led Transformation: Building Resilient Growth in 2026 – The European Financial Review

By Rebecca Harness

Escalating cyber threats have clarified that embedded, security-by-design approaches now underpin successful digital transformation. For project-based organisations, strong governance, resilient systems and responsible AI reduce disruption, build trust and accelerate delivery. In 2026, security-led transformation enables confident innovation, regulatory readiness and sustainable growth amid rising complexity across modern industries worldwide.

The real-world impact of cyber-attacks continued to escalate in 2025. From the headline-grabbing data breaches to the rise of increasingly sophisticated cybercrime tactics, the threat landscape has evolved at an unprecedented pace.

What is striking, however, is not just the scale of these incidents, but the clarity they have brought to project-based industries that increasingly rely on connected systems, shared data and digital collaboration to deliver complex work. When disruption translates directly into stalled projects the cost of weak security becomes immediately visible. The events of the past year have highlighted that resilient, well-integrated security enables work to continue at pace, allowing organisations to move faster, experiment safely, and deliver with confidence.

This year, this mindset could not be more welcome. In industries such as architecture, engineering and professional services, where data integrity and client trust are paramount, embedding security into the design of systems and processes means that creativity can be both protected and amplified. It’s a catalyst for continuous progress, and a key differentiator of success.

This confidence reflects a broader certainty in how organisations approach change, particularly as more than half of UK project-based firms now consider themselves to be at a mature or advanced stage of digital transformation, up from just under a third the year before. The foundations are strengthening, and with them, the opportunity to innovate responsibly.

Security by design is becoming the engine of innovation

One of the clearest trends that emerged last year, was the move towards security by design. As cloud platforms, SaaS tools, and AI-driven systems become embedded across project lifecycles, the tolerance for disruption has fallen sharply. Yet, project complexity continues to rise. Our own research found that resource shortage (46%) is among the key pressures facing project-based organisations, with expectations around delivery continuing to intensify. In this environment, organisations are recognising that confidence and continuity matter just as much as speed.

These challenges are reflected in where firms are choosing to invest. Investing significantly more in new technologies, such as AI, is the top priority for firms (79%). Additionally, 82% agree that the successful implementation of AI has had a major impact on boosting profits. The emphasis on implementation signals a growing understanding that technology only delivers value when it is supported by strong governance, resilient systems and trusted data.

Security by design plays a central role in making that possible. When compliance and security controls are embedded directly into workflows, approvals and financial systems, teams experience less friction rather than more. Clear guardrails reduce uncertainty, data becomes more reliable and decision-making accelerates. This approach supports faster project delivery while reducing risk, allowing organisations balance innovation with accountability.

Resilience is also being redefined. Continuity planning, redundancy and clear communication protocols are becoming everyday enablers of productivity. When teams know that projects can continue during disruption, trust is reinforced internally and externally. Deadlines are protected, client relationships remain stable, and organisations are better equipped to adapt when conditions change.

In 2026 greater regulatory developments will reinforce this trend. Updated cyber governance frameworks and strengthened legal requirements are setting clearer expectations around accountability and reporting. For organisations that have already invested in strong security foundations, regulatory change becomes a validation of strategy rather than a reactive exercise. The focus flows towards building durable systems that support long-term growth.

Responsible AI as a standard, not an aspiration

Alongside this evolution in security, AI is moving decisively from experimentation into operational reality. Responsible AI has become a core engineering discipline, grounded in governance, transparency and data integrity.

AI is now closely tied to the pressures project-based organisations are facing today. Rising complexity and talent shortages have encouraged firms to look for new ways to streamline processes and enhance expertise. Many are responding by prioritising AI and automation, with a clear focus on improving efficiency and decision-making. At the same time, there is growing awareness that skills development and employee engagement remain critical challenges, with 48% of organisations citing a lack of upskilling investment and 34% pointing to low employee engagement as ongoing barriers, reinforcing the need for AI to support people rather than replace them.

Responsible AI creates a stable foundation for this next phase of innovation. Model governance, data lineage and explainability provide assurance that systems are operating as intended and that outcomes can be understood and trusted. This strengthens client confidence and supports better internal decision-making, particularly as AI becomes more deeply embedded in project delivery and financial management.

Strong security foundations and responsible AI practices create the confidence to innovate at pace throughout 2026, even as projects become more complex and regulations tighten. In 2026, the organisations that lead will be those that treat security not as a safeguard of the past, but as a design principle for the future.

About the Author

Rebecca Harness is the Chief Information Security Officer at Deltek, leading global information security. With 25 years in IT and a decade in security, she previously served as CISO at Quickbase, founded two tech startups, is President of ISACA St. Louis, and holds an MSISE from SANS.