Infosecurity Europe 2026: what to watch

What happened

Infosecurity Europe 2026 runs in London with an agenda shaped by the attack trends that defined the past year. Three dominant threads: ransomware-as-a-service (criminal business model where malware is rented to affiliates), offensive AI — using language models to automate spear-phishing and exploit generation — and sustained attacks against European critical infrastructure.

APT groups (state-sponsored hacker teams) headline several tracks, especially those tied to Russia and China following 2025's incidents against energy utilities and rail networks. Supply chain attacks (compromising software before it reaches the final target) and hybrid cloud security also feature prominently.

On the defensive side, vendors are showcasing next-gen EDR (endpoint detection and response) platforms with behavioral detection, and SIEM (centralized system that aggregates and correlates security logs) discussions focus on cutting alert noise with AI.

Why it matters

Infosecurity Europe isn't just a trade show — it's the EMEA sector's threat thermometer. Technical sessions forecast which TTPs (attacker tactics, techniques, and procedures) will dominate the next 12 months.

Active ransomware groups in Europe grew 34 % versus 2024, per pre-conference data. The offensive AI discussion is no longer theoretical: there's documented evidence of LLM-generated phishing campaigns outperforming manual ones on click rates.

For SOC (security operations center — the internal team that monitors and responds to incidents) teams, the conference delivers actionable threat intelligence weeks ahead of other channels. For those not attending, post-event writeups and published slide decks are first-rate material.

What to do

• If you're attending: prioritize threat intelligence tracks, C2 (server that controls compromised machines) detection sessions, and critical infrastructure IR workshops.
• If you're not attending: follow Dark Reading and official event accounts during conference week to catch published IOCs (technical indicators that expose an attack) and TTPs.
• Validate the CVSS (vulnerability severity scoring system) of any CVE announced at the event before prioritizing patches — vendors have incentive to inflate media impact.
• Update your internal threat model with the APT groups and targeted sectors named in keynotes.

The real value of Infosecurity Europe is in hallway conversations and private vendor briefings. If you have budget to send someone, send your threat intelligence analyst — not the CISO.