AI-Driven Cyber Attacks: Experts Warn Human Firewall Failing

Cybersecurity experts have warned that organizations must stop relying on workers to spot online scams because artificial intelligence (AI) is making deception almost impossible to detect. Speaking at the Future of Cybersecurity Newcastle 2026 conference, Emmanuel Olorunnisola, Group Security Operations Intelligence Manager at Mott MacDonald Limited, and Bennet Morka, Information Security Strategy and Governance Leader at the same firm, alerted business leaders, government agencies, and technology professionals about the escalating threat from ransomware and data extortion groups targeting multiple sectors.

The Collapse of the Human Firewall

The duo argued that the long-trusted concept of the “human firewall” is collapsing under the weight of AI deception and the growing threat of quantum computing. In a world where AI can perfectly imitate voices, videos, and messages, companies must stop trying to “fix the human” and instead redesign the systems people use. Olorunnisola, a global cyber and quantum security strategist, described a cyber landscape where criminals no longer rely on crude phishing emails filled with spelling mistakes. Attackers now use generative AI tools to clone executives’ voices, create realistic video calls, and produce highly convincing messages tailored to individual employees.

Surge in AI-Powered Scams

According to figures presented during the lecture, AI-generated phishing attacks surged fourteenfold in late 2025 and now account for more than half of all phishing traffic worldwide. Olorunnisola warned that hostile states and organized criminal groups are already stealing encrypted information today in the hope of decrypting it later once quantum computers become powerful enough. This tactic, known as “Harvest Now, Decrypt Later,” means stolen data may sit unread for years before suddenly becoming accessible. He stressed that this is not a distant theory but an active security problem. “If your data needs to remain confidential for more than five years, it may already be at risk,” he told delegates.

Deepfake Fraud on the Rise

Deepfake fraud has also exploded, with more than 40 percent of organizations reportedly experiencing deepfake impersonation attacks targeting senior executives. Bennet Morka asked rhetorically, “If an employee receives a voice note from their finance director authorizing an urgent transfer, and that voice sounds exactly like the real person, how can we realistically expect staff to detect the fake?” He argued that businesses have unfairly blamed workers for cyber breaches when the real weakness lies within poorly designed systems.

Building Future Vulnerabilities

Morka said many organizations are already building future vulnerabilities into their infrastructure by buying systems today that may not support future post-quantum standards. “If you are investing in hardware that will still be running ten years from now and it cannot support quantum-safe security, you are creating tomorrow’s crisis today,” he said. He extended that argument into how organizations currently manage people as a security risk. Tracking how many users click on a simulated phishing email or complete an annual training module gives the appearance of oversight without much substance.

Rethinking Cyber Awareness Training

The speakers warned that traditional cyber awareness training is rapidly losing value in an AI-deceptive world. “Teaching workers to spot the signs of fraud may no longer be enough when fake audio and video can become mathematically perfect.” They urged organizations to stop treating staff as the final line of defense and instead move toward “augmented awareness,” where employees validate processes and intent rather than attempting to judge whether digital content is real.

The Quantum Computing Threat

The speakers then turned to what they described as a slower but equally dangerous threat: quantum computing. While AI attacks trust in the present, quantum technology could destroy trust in the future by breaking the encryption systems that currently protect sensitive data. Industries holding infrastructure designs, financial records, health information, or national security material were singled out as particularly vulnerable. Under timelines discussed during the event, businesses are expected to begin discovery and migration planning within the next few years, while high-priority systems may need to complete migration by the early 2030s.

Trust by Design Architecture

The speakers repeatedly returned to the need for “Trust by Design” architecture. Under this model, critical actions such as approving payments or accessing sensitive systems would require stronger forms of verification rooted in cryptography rather than passwords, emails, or voice confirmation. The lecture highlighted technologies such as passkeys, hardware security modules, and continuous authentication as examples of “immutable trust anchors” that cannot easily be copied by AI-generated deception.

New Metrics for Security

Morka urged companies to stop measuring cyber awareness success solely through phishing tests and instead assess how many important processes could still be executed if one staff account became compromised. Cybersecurity, they said, is no longer just about installing better software or responding faster to attacks. It is about recognizing the limits of human perception in an era where technology can imitate reality itself.

The speakers cautioned that the transition to post-quantum security will be far from simple. Newer encryption standards often impose a “performance tax,” requiring larger keys and significantly more computing power. This shift could trigger “protocol fragility,” creating critical performance bottlenecks for older network architectures, legacy industrial control systems, and constrained internet-connected devices.

Throughout the session, Olorunnisola and Morka emphasized the urgent need for “Trust-by-Design” architecture. Under this model, the traditional reliance on human judgment is replaced by systems where critical actions require stronger forms of cryptographic attestation. This moves verification away from fallible passwords, emails, or voice confirmations, which are now easily spoofed by generative AI. The lecture highlighted technologies including FIDO2/passkeys, hardware security modules, and continuous authentication as “immutable trust anchors.” These hardware-backed defenses provide a verifiable root of truth that cannot be replicated by even the most sophisticated AI-generated deception.

Morka issued a challenge to the boardroom, urging companies to stop measuring cyber awareness success solely through flawed metrics like phishing tests. Instead, he proposed a new governance standard: assessing “process resilience”—specifically, how many mission-critical processes could still be executed if a single staff account became compromised. Cybersecurity, they argued, is no longer just about installing better software or increasing the speed of response. It is about recognizing the fundamental limits of human perception in an era where technology can now imitate reality with mathematical perfection.
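One way to put a number on the "process resilience" measure described above is shown in the sketch below. It is an added example, not something presented by the speakers. The process names, roles and accounts are constructed, and it assumes each process can be modelled as a sequence of role-gated steps, with a flag for whether the system enforces a different account per step.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    name: str
    step_roles: tuple      # role required for each step, in order
    distinct_actors: bool  # True: the system enforces a different account per step

# Constructed sample inventory; every name here is hypothetical.
ACCOUNTS = {
    "alice": {"payment_initiator", "payment_approver"},
    "bob": {"payment_approver"},
    "carol": {"vendor_admin", "payment_initiator"},
    "dave": {"payroll_admin"},
}
PROCESSES = [
    Process("urgent_wire_transfer", ("payment_initiator", "payment_approver"), False),
    Process("supplier_payment", ("payment_initiator", "payment_approver"), True),
    Process("change_vendor_bank_details", ("vendor_admin",), False),
    Process("payroll_run", ("payroll_admin", "payment_approver"), True),
]

def can_execute_alone(roles, process):
    """True if one account holding `roles` can complete every step unaided."""
    if process.distinct_actors and len(process.step_roles) > 1:
        return False  # a second, different account is always required
    return set(process.step_roles) <= roles

def executable_if_compromised(accounts, processes):
    """For each account, the processes an attacker holding it could complete alone."""
    return {
        account: [p.name for p in processes if can_execute_alone(roles, p)]
        for account, roles in accounts.items()
    }

def exposed_processes(accounts, processes):
    """Processes that at least one single compromised account can complete."""
    per_account = executable_if_compromised(accounts, processes)
    return sorted({name for names in per_account.values() for name in names})

if __name__ == "__main__":
    for account, names in executable_if_compromised(ACCOUNTS, PROCESSES).items():
        print(f"{account}: {names or 'nothing executable alone'}")
    exposed = exposed_processes(ACCOUNTS, PROCESSES)
    print(f"{len(exposed)} of {len(PROCESSES)} processes fall to one account: {exposed}")
```

In this sample, the wire transfer is exposed because one account holds both roles and nothing forces a second actor, while the supplier payment uses the same roles but survives because the separation is enforced by the system rather than by staff judgment.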

For Emmanuel Olorunnisola, the conclusion was definitive: “The future of security is not about trusting what you see or hear; it is about building systems where trust must always be cryptographically proven.”