As we look ahead to 2026, the question for most firms is no longer whether disruption will occur. It is whether leadership teams are being exercised for how disruption now unfolds in practice.
Disruption has become prolonged, layered and confidence-eroding rather than short, sharp and contained - simulations need to reflect that reality.
The five priorities below represent where simulation and exercising effort should be concentrated in 2026. They are ordered deliberately. Together, they test leadership judgement, endurance and coherence under sustained uncertainty.
1. Systemic cyber disruption through identity and privileged access
Why this matters
The fastest route to enterprise-wide disruption is no longer a perimeter breach. It is identity compromise. Service desks, privileged accounts, access tokens and trusted pathways are increasingly exploited because they allow attackers to move without triggering obvious alarms.
This often leads to material impact before there is certainty that anything is wrong.
How this could show up in a simulation
A legitimate account is compromised through social engineering or credential abuse. Access appears normal. Fraud or unauthorised actions begin while security teams are still assessing. Decisions about access shutdown risk disrupting core services.
What this tests
- Speed and quality of leadership decision-making under ambiguity
- Authority to take disruptive protective action without full confirmation
- Understanding of which identities and access pathways actually matter
What to look out for
- Waiting for certainty rather than acting on risk
- Pushing decisions entirely into technical teams
- Over- or under-reacting to access shutdowns without service ownership
2. Prolonged third-party or shared platform outage
Why this matters
Supplier and platform concentration means that outages rarely stop services cleanly. They degrade reliability, confidence and customer experience over time. Restoration timelines slip and uncertainty persists.
These situations become conditions rather than events.
How this could show up in a simulation
A critical supplier suffers partial or intermittent failure. Communications are inconsistent. Internal teams debate whether this is serious enough to escalate. Customers experience increasing friction across multiple services.
What this tests
- Leadership understanding of dependency and blast radius
- Realism of degraded modes and workarounds
- Supplier governance and escalation under pressure
What to look out for
- Extended monitoring without decisive action
- Over-reliance on optimistic supplier timelines
- Unsustainable manual workarounds that quietly increase risk
3. AI-enabled deception and misinformation
Why this matters
Deception now operates at speed and scale. Deepfake voice or message impersonation, combined with external rumours or misinformation, can undermine trust before facts are established.
This is not just reputational. It is operational, financial and governance-related.
How this could show up in a simulation
An urgent instruction appears to come from a senior executive. At the same time, external claims of a breach circulate, driving customer and media pressure. Internal channels fill with conflicting information.
What this tests
- Verification discipline under pressure
- Fraud and payment controls when senior authority is impersonated
- Crisis communications coherence when facts are incomplete
What to look out for
- Authority being bypassed because a message looks legitimate
- Silence creating a narrative vacuum
- Sensitive decisions being taken on insecure channels
4. Polycrisis conditions that stretch leadership over time
Why this matters
The most damaging situations are no longer single incidents. They are overlapping pressures that exhaust leadership capacity. None may be existential alone. Together, they degrade decision quality and coherence.
How this could show up in a simulation
A third-party issue is underway. A cyber signal emerges. Regulatory queries begin. Staff absence increases. Social pressure grows. Recovery is partial and slow.
What this tests
- Leadership endurance and decision coherence over time
- Ability to prioritise and constrain activity deliberately
- Coordination across functions without fragmentation
What to look out for
- Decision fatigue and repeated reversals
- Local optimisation that harms the enterprise
- Unsustainable leadership operating rhythms
5. Regulatory engagement under sustained uncertainty
Why this matters
Regulatory scrutiny increasingly runs alongside incidents rather than after them. Firms are judged on how decisions are made, harm is managed and actions are evidenced while uncertainty persists.
This is a leadership test, not a compliance one.
How this could show up in a simulation
Impact tolerances are at risk. Information is incomplete. Regulators request updates, evidence and rationale for decisions while recovery remains uncertain.
What this tests
- Clarity of decision rights and governance
- Quality and consistency of management information
- Ability to communicate coherently under pressure
What to look out for
- Metrics without meaning
- Inconsistent internal and external narratives
- Fear-driven decisions optimised for optics rather than outcomes
What this means for your simulation programme
Effective simulations in 2026 should not aim to cover everything. They should go deep on scenarios that reflect how disruption actually unfolds.
If a simulation doesn't force leadership teams to operate under ambiguity, sustain judgment over time, and make uncomfortable trade-offs while regulators demand answers - it won't expose your real vulnerabilities. Let's build one that does. Speak to our specialists today!
