Google Cloud’s Cybersecurity Forecast 2026 warns of new AI-supplemented threats – Computing UK

Analysis of the 2026 Cybersecurity Forecast and its Implications for Sustainable Development Goals

A recent cybersecurity forecast report from Google Cloud outlines a new era of cyber risk, with significant implications for the achievement of the United Nations Sustainable Development Goals (SDGs). The report identifies three primary threat areas: the weaponization of Artificial Intelligence (AI), the evolution of cybercrime, and the escalation of nation-state espionage. These threats directly challenge the stability and progress required to meet key global targets.

Emerging AI Threats and Their Impact on Global Goals

The proliferation of AI-driven cyberattacks presents a direct threat to economic stability and institutional integrity, undermining several SDGs.

• AI-Enabled Social Engineering: Threat actors are expected to leverage multimodal generative AI to create hyper-realistic phishing, vishing, and business email compromise schemes. These activities threaten SDG 8 (Decent Work and Economic Growth) by causing significant financial losses and disrupting business operations.
• The AI Agent Paradigm Shift: The report highlights the need to manage AI agents as distinct digital actors within security frameworks. Failure to do so could compromise sensitive data and systems, impacting SDG 9 (Industry, Innovation, and Infrastructure) by stifling secure technological adoption.
• Shadow AI Agents: The deployment of unauthorized AI agents by employees creates unmonitored data pipelines, posing severe security and compliance risks. This practice jeopardizes the principles of SDG 16 (Peace, Justice, and Strong Institutions) by weakening corporate governance and creating vulnerabilities for exploitation.

Cybercrime Evolution: A Challenge to Economic and Institutional Stability

The increasing sophistication and scale of cybercrime, particularly extortion and attacks on new financial technologies, pose a substantial risk to economic systems and the rule of law.

1. Ransomware and Data Extortion: The report notes a record number of victims listed on data leak sites in Q1 2025, confirming the maturity of the cyber extortion ecosystem. This trend directly undermines SDG 8 by crippling businesses and hampering economic growth.
2. Targeting of Digital Assets: The widespread adoption of cryptocurrency and tokenized assets expands the attack surface. Attacks on decentralized finance platforms and crypto exchanges threaten the stability of emerging financial systems, impacting progress towards SDG 9.
3. Exploitation of Digital Transformation: Cybercriminals are increasingly targeting cloud environments, SaaS providers, and supply chains. The report identifies virtualization infrastructure as a critical blind spot, leaving the core fabric of enterprise IT unmonitored. These vulnerabilities threaten the resilience of the infrastructure central to SDG 9 and SDG 11 (Sustainable Cities and Communities).

Nation-State Activity and Threats to Peace and Critical Infrastructure

State-backed cyber operations represent a significant threat to international stability, directly contravening the aims of SDG 16 and placing critical global infrastructure at risk.

• Cyber Espionage: Increased espionage activities from nations like Russia and China are anticipated to target European governments, defence sectors, and Critical National Infrastructure (CNI). Such actions threaten national security and undermine SDG 16 by eroding peace and trust between nations. Attacks on CNI also directly endanger the foundations of SDG 9 and SDG 11.
• Illicit Revenue Generation: The report highlights the threat of fraudulent North Korean IT workers infiltrating European and UK companies to generate revenue for the regime. This activity subverts international sanctions, compromises legitimate labor markets (SDG 8), and finances a regime that poses a threat to global peace, directly challenging the core tenets of SDG 16.

Analysis of Sustainable Development Goals (SDGs) in the Article

1. Which SDGs are addressed or connected to the issues highlighted in the article?

• SDG 8: Decent Work and Economic Growth

  The article discusses cyber threats like ransomware, business email compromise, and data-theft extortion, which directly impact businesses, disrupt economic activities, and can lead to significant financial losses. The mention of “the most expensive [attack] in UK history” highlights the severe economic consequences of these cybercrimes, threatening economic stability and growth.

• SDG 9: Industry, Innovation, and Infrastructure

  The article explicitly mentions threats to “Critical National Infrastructure (CNI),” “cloud,” and “virtualization infrastructure.” These elements are the backbone of modern industry and innovation. The discussion of cybercriminals targeting these foundational layers underscores the need for resilient infrastructure (Target 9.1) to protect industries and support economic development.

• SDG 16: Peace, Justice, and Strong Institutions

  This goal is central to the article’s themes. It details organized cybercrime (ransomware), illicit financial activities (targeting cryptocurrency), and state-backed espionage. These actions undermine peace, security, and the rule of law. The need for strong institutions to combat these threats and protect fundamental freedoms from digital manipulation (e.g., deepfakes) is a core implication.

2. What specific targets under those SDGs can be identified based on the article’s content?

• Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure, including regional and transborder infrastructure, to support economic development and human well-being.

  The article’s focus on attacks targeting “Critical National Infrastructure (CNI),” “cloud,” and “virtualisation infrastructure” directly relates to this target. The prediction of increased cyber espionage against these systems highlights the urgent need to build more resilient digital infrastructure to withstand such attacks and ensure continued economic and societal function.

• Target 16.1: Significantly reduce all forms of violence and related death rates everywhere.

  State-backed espionage and cyberattacks on critical infrastructure, as mentioned in the article (“increased cyber espionage from Russia and China targeting European governments, defence and Critical National Infrastructure”), can be considered a form of non-physical aggression that disrupts peace and can escalate conflicts between nations, thereby undermining this target.

• Target 16.4: By 2030, significantly reduce illicit financial and arms flows, strengthen the recovery and return of stolen assets and combat all forms of organized crime.

  The article’s discussion of ransomware, data-theft extortion, and the targeting of “decentralised finance platforms and crypto exchanges” are clear examples of organized crime and illicit financial flows. The growth of the “cyber extortion ecosystem” is a direct challenge to achieving this target.

3. Are there any indicators mentioned or implied in the article that can be used to measure progress towards the identified targets?

• Indicator for Target 16.4 (Organized Crime): Number of victims of organized crime.

  The article provides a direct, quantifiable metric that can serve as an indicator: “The 2,302 victims listed on data leak sites (DLS) in Q1 2025 represented the highest single quarter count observed since we began tracking these sites in 2020.” Tracking this number measures the scale and prevalence of organized cyber extortion.

• Indicator for Target 9.1 (Resilient Infrastructure): Proportion of critical infrastructure affected by disruptive incidents.

  The article implies this indicator by highlighting the threat of “increased cyber espionage from Russia and China targeting European governments, defence and Critical National Infrastructure (CNI).” Measuring the number and impact of successful attacks on CNI would be a way to assess the resilience of this infrastructure.

• Indicator for SDG 8 (Economic Growth): Direct economic loss attributed to cybercrime.

  While not providing a total figure, the article implies this indicator by referencing specific, high-impact events like “business email compromise” and citing an attack as the “most expensive in UK history.” Tracking the financial losses from such incidents is a key measure of their economic impact.

4. Summary Table of SDGs, Targets, and Indicators

Source: computing.co.uk