Hello 👋 get a brew on because these are the top emerging risks between February 9th, and March 9th, 2026…

We’ve been away for the last few weeks as some of our team deal with relocating across Asia. If you missed it, check out our deep dive on the World Economic Forum’s Global Risk Report 2026. Also coming up this month, we will take a look at the on-ground experience of the Iran conflict. Is what we’re seeing on media a true reflection of reality in the UAE?

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: Your Encryption Has an Expiry Date

• Imagine a computer that doesn’t think in simple yes-or-no answers, but can explore millions of possibilities simultaneously. That’s quantum computing. Traditional computers process information as bits—either 0 or 1. Quantum computers use “qubits” that can exist as both 0 and 1 at the same time, a phenomenon called superposition. This allows them to solve certain complex problems exponentially faster than conventional machines. While still in early stages, quantum computers are advancing rapidly, and the encryption protecting virtually everything digital today was designed for a world where these machines didn’t exist.

• Google’s latest announcement confirms what cryptographers have warned for years: quantum computers capable of breaking current encryption standards are no longer theoretical. They’re an engineering challenge with a visible timeline, potentially within the next decade.

• The threat isn’t just future-facing. Adversaries are already harvesting encrypted data today using “harvest now, decrypt later” strategies, stockpiling sensitive communications, financial records, and state secrets to crack once quantum capability matures.

• Current RSA and ECC encryption (the backbone of secure internet communications, banking systems, government networks, and corporate infrastructure) becomes mathematically trivial to break with sufficiently powerful quantum processors.

• Most organisations operate on 3-5 year planning cycles while quantum-resistant migration requires 10-15 years of infrastructure overhaul, creating a dangerous gap between threat timelines and organisational preparedness.

• NIST has already published post-quantum cryptographic standards, yet adoption remains minimal across industries that have spent decades building systems on encryption they assumed would remain secure indefinitely.

• The challenge extends beyond technology replacement: organisations must audit every system, protocol, certificate, and data store touching cryptographic functions. A scope most have never fully mapped.

Sources

• Google Just Told You Your Encryption Is on Borrowed Time | Cybersecurity Insiders | February 2026

• NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST | August 2024

• Quantum Computing Progress and Cryptographic Implications | IBM Research | 2025

• Harvest Now, Decrypt Later: The Quantum Threat Timeline | MIT Technology Review | 2025

You should be concerned if…

• Financial services and banking institutions: Your entire transaction security model—from customer authentication to interbank transfers—relies on encryption quantum computers will eventually break. Data encrypted today containing account details, transaction histories, and customer identities remains valuable for decades.

• Healthcare organisations holding long-term patient data: Medical records have indefinite sensitivity. Patient data encrypted today using current standards will remain sensitive in 15 years when quantum decryption becomes feasible, meaning today’s protection becomes tomorrow’s breach.

• Government contractors and defence suppliers: Nation-state adversaries are actively harvesting encrypted government communications now and they’re doing this quietly. If you handle classified information, strategic planning documents, or defence intellectual property, assume hostile actors are building archives for future decryption.

• Critical infrastructure operators: Energy grids, water systems, and telecommunications networks operate on multi-decade infrastructure cycles. Systems being deployed today will still be operational when quantum computers mature, requiring cryptographic agility built into current procurement decisions.

• Any organisation storing data with long-term confidentiality requirements: Trade secrets, legal documents, M&A communications, intellectual property, anything requiring confidentiality beyond 2035 faces exposure risk from today’s encryption choices

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Conduct cryptographic asset inventory now

• Begin immediately mapping every cryptographic dependency across your infrastructure—certificates, encryption protocols, key management systems, and third-party services using cryptography. You cannot migrate what you haven’t catalogued, and most organisations drastically underestimate their cryptographic footprint. This audit forms the foundation of any migration strategy.

Implement crypto-agility as architectural principle

• Design systems allowing cryptographic algorithms to be swapped without wholesale infrastructure replacement. Avoid hardcoded encryption implementations. Build abstraction layers enabling algorithm updates as post-quantum standards mature. The organisations that survive this transition will be those with flexible cryptographic architectures.

Prioritise data classification by temporal sensitivity

• Not all data requires immediate protection. Focus quantum-resistant encryption efforts first on data requiring confidentiality beyond 2035—trade secrets, long-term strategic plans, genetic information, legal records. Create tiered protection strategies based on data lifespan rather than attempting simultaneous migration.

Engage vendors on post-quantum roadmaps

• Demand clarity from technology suppliers on their quantum-resistant migration timelines. Include post-quantum cryptography requirements in procurement criteria. Suppliers without credible roadmaps become liability vectors as the threat materialises.

Begin pilot implementations with NIST-approved algorithms

• Start testing CRYSTALS-Kyber, CRYSTALS-Dilithium, and other NIST-standardised post-quantum algorithms in non-production environments. Build organisational expertise now while stakes remain low. The learning curve is substantial, and waiting for crisis conditions guarantees failure.

2. Economic: Singapore SMEs Face Internationalisation Crossroads

• Singapore’s business chambers are calling for expanded government support in Budget 2026, specifically requesting larger automation grants and enhanced assistance for SMEs pursuing international expansion amid increasingly complex global trade conditions.

• The Singapore Business Federation and associated chambers argue current support mechanisms haven’t kept pace with rising operational costs, supply chain restructuring requirements, and the technical investments needed to compete in fragmenting global markets.

• SMEs represent over 99% of Singapore’s enterprises and employ roughly 70% of the workforce, making their competitiveness directly tied to national economic resilience and Singapore’s position as a regional business hub.

• Requests focus on increasing the Enterprise Development Grant ceiling, expanding automation support schemes, and creating more accessible pathways for smaller firms to establish overseas presence without disproportionate compliance burdens.

• The push reflects broader anxieties about cost competitiveness as regional neighbours offer lower operating costs while Singapore-based SMEs face escalating wages, rental expenses, and regulatory requirements.

• Industry representatives emphasise that without enhanced support, Singapore risks losing entrepreneurial talent and business formation to more cost-competitive regional alternatives, weakening the domestic economic base.

Sources

• Budget 2026: Business Chambers Want More Help for SMEs to Internationalise, Bigger Automation Grants | The Business Times | February 2026

• Singapore SME Landscape Report | Enterprise Singapore | 2025

• Regional Competitiveness and SME Development in ASEAN | ASEAN Secretariat | 2025

• Singapore Budget 2025 Review and SME Support Mechanisms | Ministry of Finance Singapore | 2025

You should be concerned if…

• Singapore-based SMEs considering regional expansion: The gap between ambition and accessible support mechanisms may widen or narrow based on Budget 2026 outcomes. Understanding the evolving grant landscape directly impacts expansion timing and strategy decisions.

• Regional competitors and partners of Singapore firms: Changes to Singapore’s SME support ecosystem affect competitive dynamics across ASEAN markets. Firms competing with or partnering Singaporean SMEs should monitor how enhanced automation grants might alter cost structures and market positioning.

• Multinational corporations with Singapore supply chain dependencies: Singapore’s SME health directly affects supply chain reliability for larger firms sourcing components, services, or logistics through the city-state. SME competitiveness challenges cascade into procurement risk.

• Workforce development and training providers: Automation grant expansions create demand for reskilling programmes and technical training. Organisations positioned to support SME workforce transitions may find expanded market opportunities.

• Regional policymakers and economic development agencies: Singapore’s approach to SME support serves as a benchmark across ASEAN. Budget 2026 decisions will influence competitive policy responses from neighbouring economies seeking to attract or retain business formation.

Preventative actions

Map grant eligibility before strategic planning

• Singapore SMEs should conduct thorough audits of current and proposed government support schemes before finalising internationalisation or automation investment decisions. Timing major capital expenditures to align with grant availability significantly affects return on investment and reduces expansion risk.

Diversify market exposure beyond single-country dependencies

• Rather than concentrating international expansion in single markets, develop presence across multiple regional economies simultaneously. This distributes regulatory and economic risk while building resilience against any single market’s volatility.

Build automation roadmaps aligned with workforce transition

• Automation investments without corresponding workforce development create implementation failures and social friction. Develop parallel tracks addressing technology acquisition and employee reskilling to maximise return on automation grants while maintaining operational continuity.

Establish regional partnership networks before expansion

• Successful internationalisation typically requires local partners, distributors, or joint venture relationships. Begin relationship-building in target markets before committing expansion capital, reducing market entry risk and accelerating revenue generation timelines.

Monitor Budget 2026 announcements for timing optimisation

• Remain closely attuned to specific Budget 2026 announcements regarding grant ceilings, eligibility criteria, and application windows. Organisations prepared to move quickly following favourable announcements gain competitive advantage over slower-responding peers.

Quick snippet stories

1. Threat Actors Weaponising LLMs for Enhanced Attack Capabilities
   Google’s threat intelligence teams confirm adversaries are actively using large language models to accelerate attack development, improve phishing sophistication, and automate vulnerability research. The democratisation of AI tools lowers barriers for less sophisticated threat actors while enabling advanced groups to scale operations. Organisations should assume AI-enhanced attacks as baseline threat reality, investing in AI-powered defensive capabilities and enhanced employee training addressing more convincing social engineering attempts.
   Main link to resource

2. Attackers Exploiting AI Summarisation Features for Data Exfiltration
   Hackers are manipulating AI summarisation tools embedded in enterprise applications to extract sensitive information by crafting prompts that cause AI systems to expose confidential data in generated summaries. This attack vector exploits the trust organisations place in AI-generated outputs and the broad data access these tools often receive. Security teams should audit AI tool permissions, implement output filtering, and restrict summarisation features from accessing sensitive data repositories.
   Main link to resource

3. Cyber and Supply Chain Risks Dominating Japanese Business Concerns
   Aon’s latest survey reveals Japanese businesses rank cyber threats and supply chain disruption as their primary risk concerns for 2026, reflecting lessons from recent regional incidents and ongoing geopolitical tensions affecting semiconductor and manufacturing supply chains. This marks a significant shift from traditional Japanese risk priorities, signalling broader regional recognition that digital and physical supply chain resilience require integrated risk management strategies rather than siloed approaches.
   Main link to resource

4. Optus Outage Highlights Escalating Third-Party Dependency Risks
   Following previous incidents including the 2023 network collapse that disabled emergency triple-zero services—potentially contributing to preventable deaths—Optus has traced its latest mobile outage to a database software update from a third-party vendor. This pattern mirrors the CrowdStrike update that crippled Microsoft systems globally and illustrates how organisations have limited visibility into vendor development and testing practices. Critical infrastructure operators must implement rigorous vendor management frameworks, staged update deployment protocols, and assume third-party software changes carry systemic risk.
   Main link to resource

5. Supply Chain Cyber Attacks Evolving in Sophistication and Scale
   Group-IB research documents continued evolution of supply chain cyber attacks throughout 2026, with threat actors increasingly targeting software development pipelines, managed service providers, and trusted vendor relationships to achieve mass compromise through single intrusion points. Attackers recognise that breaching one upstream supplier provides access to hundreds or thousands of downstream victims. Organisations must extend security requirements contractually to suppliers, implement zero-trust architectures for vendor connections, and monitor for anomalous behaviour from trusted third-party integrations.
   Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here