When global security expert Mikko Hyppönen talks about the state of cybersecurity today, he starts with a simple principle that many organisations still fail to live by: “You can’t really protect what you don’t see.” For companies, that means defence no longer begins with sophisticated tools, but with visibility. They need to know what is actually inside the network, how many laptops, servers, mobile devices, and cloud systems they operate, because only once they understand “what you’re protecting” can they begin to build meaningful defences. In an era when digital infrastructure is expanding faster than the ability to monitor it, Hyppönen sees that gap as one of the defining security challenges.
His view goes well beyond the traditional corporate perimeter. After more than three decades spent fighting cyberattacks, he is now also working in drone defence, which he sees as a natural extension of the same problem. Drones, in his words, are computers too, just a different kind. And in Ukraine, he argues, the scale of that shift is already visible. “Drones are killing more people than all the other weapons combined,” he says, calling it “an amazing revolution in warfare”. What makes the threat especially serious is that drones are cheap, can be deployed at scale, and force defenders to deal not only with detection, but with the challenge of stopping “hundreds or maybe even thousands of drones coming to you at the same time”. As Hyppönen puts it, this machine-versus-machine warfare “sounds like science fiction, but it’s already happening”.
He sees a similar duality in artificial intelligence. Attackers have almost always had the upper hand in cyber conflict, with defenders trying to catch up, yet Hyppönen believes generative AI may be a rare exception. “Practically all cybersecurity companies are heavily investing in solutions based on generative AI,” he says, while attackers still seem to be slightly behind. That gives him some cautious optimism, although he is clear that the same tools can benefit both sides. New models can already “detect unknown vulnerabilities faster than humans”, which makes them “great and awful at the same time”. In the hands of defenders, that could strengthen protection. In the hands of attackers, it could accelerate the discovery of new weaknesses.
That is why Hyppönen returns to a lesson the industry has learned but never fully absorbed: “Every smart technology is a new attack surface.” Every time a device gains more functionality and connectivity, it becomes smarter, but also more hackable. The reason is basic: “humans make mistakes”, and when coders make mistakes, bugs follow. Security, in that sense, can no longer be limited to servers and workstations. “The coffee machines and the security cameras are computers as well,” he says, and that means they too need patching, monitoring, and inclusion in the wider security model. The difficulty is that, in large networks, even such fundamental tasks become far harder than they sound.
Ultimately, Hyppönen’s most important point is not technical but managerial. “Cyber security is a leadership issue,” he says. In a world where every company is now also a software company and a cyber company, it is no longer enough for executives to understand only finance, strategy, or their own vertical. If top leadership does not understand technology and security, the organisation will remain reactive by design. For Hyppönen, 2026 is therefore the moment when cybersecurity decisively moves out of the IT department and becomes a boardroom issue.
When global security expert Mikko Hyppönen talks about the state of cybersecurity today, he starts with a simple principle that many organisations still fail to live by: “You can’t really protect what you don’t see.”
Worldwide IT spending is expected to reach $6.31 trillion in 2026, up 13.5% from 2025, according to Gartner.
A new study by Juniper Research forecasts that the global value of direct carrier billing (DCB) transactions will rise from $51 billion in 2026 to more than $87 billion in 2030.
