Safer Internet Day 2026: From Awareness to Action in Internet Safety

At Dymesty, I am tasked with developing user interfaces that rely on an AI that is constantly active and always ‘on,’ creating a compounding risk to the user’s privacy. In devices designed to capture and use users’ voice, movement, and biometric data, any collected data can pose a legal risk or increase brand exposure risk. In one of the wearable device projects I worked on, I was responsible for reducing data collection by more than 40%, which ultimately reduced the risk of data breaches, extended battery life, and increased user trust in the device.

I tell my teams that “Internet safety now belongs less to security teams and more to product decisions made months before launch. When I restrict data collection at the source, I preclude entire attack surfaces before attackers can target them.”

Phishing and social engineering attacks are the most costly failures of organizations. Theft of credentials remains the most common entry point for data breaches, according to IBM, which costs organizations an average of $4.45 million. I advocate for real-time alerts, layered permission checkboxes, and user-friendly disclaimers integrated into the interface rather than policy documents that are often ignored.

I’ve learned that “when systems are honest and clear, people take more precautions.” When people know what the device is doing, they don’t need to be compelled to make better decisions.

Nicky Zhu, AI Interaction Product Manager, Dymesty

A Shift From Awareness to Behaviour

For Safer Internet Day, the focus has to shift from awareness to behaviour. AI is now embedded in everyday tools and organisations are adopting it faster than they’re governing it.

Internet safety in 2026 isn’t about banning technology. It’s about setting clear boundaries around data use, ensuring human oversight and building a culture where people pause before trusting polished outputs.

Most cyber incidents still begin with ordinary decisions made in a hurry. AI increases speed and with it, the potential impact of small mistakes.

Smart tech is powerful, but responsibility hasn’t moved. That still sits firmly with people and leadership.

Kevin Walker, Owner, Black Swan Security Solutions

Well-governed and Digitally Literate Use of AI and Smart Technologies

Safer Internet Day 2026 focuses on smart technology and safe choices, with particular attention on the responsible use of AI. This year’s theme is especially timely as AI becomes more deeply embedded across organisations, shaping how people work, collaborate, and make decisions. In this environment, responsible use of technology is no longer a ‘nice to have’. It is now fundamental to trust, resilience, and long‑term value.

Smart technology offers significant opportunity, from improving productivity to enabling new ways of working. However, those benefits depend on how thoughtfully it is adopted and governed. As AI‑driven tools become more widespread, organisations must ensure people are equipped not only to use them effectively, but to do so with appropriate oversight, critical thinking, and accountability.

One of the growing challenges is the increasing volume of AI‑generated content and the difficulty of distinguishing what is reliable and authentic. This places greater emphasis on digital literacy and clear organisational frameworks that support informed decision‑making, rather than blind reliance on technology alone.

At the same time, risks around data privacy, cyber security, and misuse continue to evolve. Protecting organisational and personal data requires a clear understanding of its value, how it is managed, and how responsibilities are shared. Just as important is having clear processes in place for responding to incidents or emerging threats, so issues can be identified and addressed quickly and effectively.

Ultimately, safe and responsible use of technology is built through a combination of secure infrastructure, sound governance, and ongoing education. As AI and digital platforms continue to develop, fostering a culture of accountability, transparency, and informed decision‑making will be critical to ensuring technology remains a force for positive and sustainable progress.

Sean Tilley, Senior Sales Director – EMEA, 11:11 Systems

Advice From a Girl Dad CEO:

In my opinion, internet safety is no longer an IT topic. It is a leadership topic because the internet is where business happens. We sell, support customers, hire, bank, and collaborate online. That convenience also concentrates risk. When trust breaks, the impact is immediate. You can see it in lost revenue, legal exposure, stalled operations, and long-term brand damage. This is why executive teams should treat internet safety as part of governance and business continuity, not a technical afterthought.

I am also writing as a CEO and a Girl Dad. I regularly ask myself what I can do to keep my daughter from being pulled too deeply into the internet, because online access is everywhere and built into almost everything kids touch. In my opinion, the goal is not fear or isolation. The goal is healthy boundaries and strong habits, so children can benefit from technology without being exposed to avoidable harm.

Mobile games deserve special attention. Many are designed to keep children engaged for extended periods and to encourage interaction with others. In my view, the risk is not limited to screen time. It is the communication layer. In-game chat, friend requests, and direct messages can be used by predators to build trust, push secrecy, and move conversations to private platforms. This is also where families should connect internet safety to human trafficking awareness. Traffickers and exploiters often begin with online recruitment tactics that appear to offer friendship, support, or opportunity. The entry point can be a game, a social feature, or a seemingly harmless message. The protection is early awareness, strong settings, and a home culture where kids know they can report anything without fear.

From the IT and cybersecurity vendor leader perspective, strong cybersecurity and robust cyber hygiene are the foundation. In plain terms, that means we reduce the number of ways attackers can gain access and make it harder for a simple mistake to become a major incident. We focus on multi-factor authentication for every critical account, strong passphrases and password managers, routine updates and patching, secure backups, and limiting access so users can only access what they need. We also train employees and customers to recognize modern scams, slow down under pressure, and verify requests involving money, credentials, or sensitive data using a second method of confirmation. In my opinion, a simple verify first culture prevents more damage than any single tool.

For families, practical cyber hygiene is just as important. Keep devices updated, use strong passwords and enable multi-factor authentication where available, and turn off location sharing by default. For gaming specifically, review privacy settings together, restrict who can message or friend your child, and disable open chat when possible.

Most importantly, set a simple family rule. No secrets with online contacts. If anyone asks to move the conversation elsewhere, asks for pictures, asks for money, or creates urgency, your child should stop and come to you immediately.

The conversation this Safer Internet Day must evolve to reflect a new reality: AI agents are no longer just tools, they’re autonomous actors operating at machine speed across the digital ecosystem. While AI agents unlock powerful efficiencies, they also introduce new security risks by acting like users, making decisions, and accessing systems in ways that are difficult to distinguish from human behavior. When left ungoverned, these agents can be exploited or behave unpredictably, expanding the attack surface and undermining what can be trusted.

Combating this risk requires a shift toward verified trust, where every digital interaction is continuously validated, not assumed. Organizations must move beyond static credentials and adopt identity-first security models that verify who, and what, is accessing systems, under what context, and with what intent. By combining strong identity verification, real-time risk assessment, and adaptive access controls, businesses can enable AI innovation while protecting users, data, and trust in an increasingly agentic internet.

Alex Laurie, Go-To-Market Chief Technology Officer (GTM CTO), Ping Identity

Abandon the Illusion That Every Attack is Preventable

Cybersecurity awareness cannot be treated as an annual campaign or a box-ticking exercise. Attackers look for this type of complacency. To be effective, awareness must be woven into the culture of the company. That means frequent refreshers and reinforcement of good habits throughout the year. It also means embedding security into day-to-day processes rather than treating it as an extra step. Simple, consistent actions — such as applying patches on time, verifying access rights, and monitoring for anomalies — build a strong defense when practiced continuously. These actions build a cyber defense culture in which awareness and readiness are second nature to every employee, every day.

Tom Leyden, VP Product Marketing, Scality  

A safer internet is built on trust. When organizations can confidently verify who they’re engaging with, they can reduce fraud, prevent abuse, and create safer digital experiences for everyone. I proudly support the goals and initiatives behind Safer Internet Day, a worldwide effort that brings together individuals, organizations, educators, governments, and businesses to promote the safe and positive use of digital technology for all, especially young people and vulnerable users.

This global campaign encourages education, awareness, and responsible behavior online under its guiding theme of “Together for a better internet,” which emphasizes collaboration and shared responsibility in making the digital world safer and more inclusive for everyone. I believe that the promise of the digital world cannot be fully realized without a continuous and conscientious effort to ensure people can operate in a trusted, safe environment.

For children and young people, that effort is especially critical. As younger users increasingly engage with digital platforms for learning, connection, and creativity, it’s essential that online experiences are appropriate for their age, development, and needs. A safer internet for young people means creating environments where they can explore and participate without being exposed to harmful content, bad actors, or experiences they’re not ready for. Trusted identity plays an important role in enabling platforms to apply the right safeguards, protections, and access controls, helping ensure that young users can engage online in ways that are both empowering and safe.

Digital platforms offer incredible opportunities for connection, learning, and innovation, but they also introduce risks such as cyber threats, harmful content, identity misuse, and online abuse. Safer Internet Day shines a spotlight on these challenges, calling on communities and technology companies alike to step up with practical solutions and proactive engagement—particularly when it comes to protecting younger audiences.

Mitch Bompey, General Counsel & Chief Risk Officer, Prove

Data Protection, Backup, and Safety

As AI becomes part of how we work, shop, and play, it’s important to remember that these tools are only as good as the data behind them. If that data isn’t protected, backed up, and kept safe from cyber threats, even the smartest technology can fail. A safer internet isn’t just about stopping hackers, it’s about being prepared, protecting information, and making sure data can always be recovered. When organizations focus on keeping data secure and resilient, everyone benefits from a more reliable online world.

However, just having these backups isn’t enough. Many organizations think they’re protected because they have backups, but true cyber resilience and internet safety means knowing those backups actually work. As cyber threats continue to evolve, keeping the internet safer requires ongoing effort: regularly testing recovery plans, protecting data from being altered or locked, and making sure important information can always be restored. When businesses invest continuously in resilience, it helps create a more secure and reliable online experience for everyone.

While companies adopt immutable storage to improve security, meet regulatory standards, and build trust with stakeholders, individuals should apply the same approach to their personal data by choosing secure, tamper-proof backups. A safer internet starts with a Zero Trust approach at all levels, ensuring that security is based on verification and resilience rather than trust.

While AI is already influencing cybersecurity in meaningful ways, fully autonomous, self-directing AI-driven cyberattacks are unlikely to become a dominant threat in 2026. Recent state-sponsored espionage campaigns demonstrate that selective, high-cost autonomy is now possible under favorable conditions, but these operations remain human-supervised, fragile to unreliable feedback, and dependent on permissive identity and access environments.

Operating effective autonomous attack campaigns in real enterprise environments remains complex, costly, and unpredictable. Noisy signals, environment variance, hallucination-prone outputs, operational risk, lack of reliable feedback loops, and high infrastructure costs make fully autonomous attacks economically unfeasible in most cases over the next year.

Instead, attackers will continue to use AI to accelerate existing techniques – reconnaissance, impersonation, access abuse, and workflow execution – rather than fully replace human decision-making entirely. The more immediate challenge for defenders will be maintaining resilience against AI-accelerated attacks denying the conditions automation depends on, including broad access, clean feedback, and durable reward. Strong identity controls and data visibility remain the most effective safeguards, even as automation advances.

Dirk Schrader, VP of Security, Netwrix

1. Limit the Personal Data You Share – If it isn’t doesn’t require it, consider not sharing it. What isn’t shared can’t be leaked.  
2. Choose Trusted Apps – Trending isn’t the same as trust. Only hand over your information to companies with a track record.
3. Review Privacy Settings and Terms of Service – While this can be a dull task, you need to know what privacy and rights you are giving up by using an app.
4. Clean Up Your Digital Footprint – Delete apps and purge accounts you don’t use.

Brendon Collins, principal consultant, Optiv

Measure What Actually Matters

I’ve been building IT systems for over 15 years, and one thing’s become crystal clear: internet safety isn’t just about buying better tools–it’s about measuring what actually matters. At Cyber Command, we shifted from treating security as a checkbox to tracking real KPIs that show whether defenses are actually working.

The biggest change we made was implementing mandatory MFA coverage tracking across every client environment. We don’t just turn it on–we measure adoption rates monthly and publish them to leadership. One manufacturing client went from 34% MFA coverage to 98% in four months once they could see the gap in black and white. That single change blocked over 99% of credential-based attacks during their last attempted breach.

The second game-changer is measuring phishing test results alongside actual incident rates. We run quarterly simulated phishing campaigns and correlate click rates with real-world security events. When one healthcare client’s click rate dropped from 18% to 3% after targeted training, their helpdesk tickets for suspicious emails went up 240%–meaning staff were finally reporting threats instead of falling for them. That behavioral shift matters more than any firewall upgrade.

For Internet Safety Day specifically, I’d tell any IT leader to pick three metrics you can actually influence: MFA coverage percentage, phishing simulation click rates, and time-to-patch for critical vulnerabilities. Publish them monthly where your executive team can see them. What gets measured gets managed, and internet safety is no exception.

Reade Taylor, Technology Leader, Cyber Command

Creating a Crisis-ready Infrastructure

I’ve been in cybersecurity since 2008, spoken at West Point and the Nasdaq podium, and here’s what we’re actually doing differently this year: we’re shifting from “employee training” to what I call crisis-ready infrastructure.

Most companies still treat internet safety like it’s about preventing breaches. That’s backwards. We tell our Central New Jersey clients upfront: it’s not *if* you’ll be compromised, it’s *when*. Last year ransomware attacks jumped 37% with average demands hitting $5.3 million. So instead of just teaching people to spot phishing emails, we implement the T.I.M.E. method–Train staff, Invest in monitoring software, Make sure access to sensitive data is limited, and Enforce multi-factor authentication. The “limit access” piece is critical because even when someone clicks a bad link, the damage stays contained.

The second shift is IoT lockdown. Your employees might secure their laptops, but their smart coffee maker in the break room? That’s 100+ new entry points hackers are exploiting. We had one client get breached through a connected thermostat. Now we segment IoT devices onto separate networks so they can’t become backdoors to your actual business systems.

The legal pressure is real too. The FTC is actively fining companies for “unreasonable security,” and California’s CCPA hits you with $100-$750 per person affected in a breach. We’re seeing business owners finally treat cybersecurity like liability insurance–because legally, that’s exactly what it is now.

Paul Nebb, CEO, Titan Technologies

Automated Checks In Your Development Process

We tried a bunch of approaches to security, but what really worked was putting automated checks right into our development process. We catch vulnerabilities before our code goes live now. My advice is to start small. Focus on automating one area at a time, so nothing gets missed as your operations grow.

John Turns, Chief Technology Consultant, Seisan

Security Role Play and Quick Tests

For Internet Safety Day, here’s what worked for us at Performance One. We started doing simple security role-plays and quick tests, which helped our team notice suspicious emails faster. Multi-factor authentication made the biggest difference once everyone got why it mattered. It stopped several phishing scams. My advice? Keep security practical and talk openly about it. People actually follow the rules when they understand the reasons behind them.

Richard Spanier, President & CEO, Performance One Data Solutions (Division of Ross Group Inc)

Treating Communications Infrastructure Like a Physical Security Layer

I run a business technology firm across Dallas, Tampa, and Orlando, and the biggest internet safety shift I’ve made is treating communications infrastructure like a physical security layer. When we deployed unified communications and security cameras for that nationwide preschool chain last year, we put every device–IP phones, access points, cameras–on isolated network segments with their own firewall rules. If someone compromises a camera, they can’t pivot to payroll data.

The part nobody talks about enough is vendor sprawl. Most SMBs we work with have five different vendors managing phones, internet, cameras, IT support, and cloud services. Each one is a separate attack surface with different password policies and security standards. We’ve seen actual breaches start because a camera vendor’s technician still had remote access three years after installation. Consolidating to one vendor with unified credential management cuts your exposure dramatically.

What actually moves the needle is making security invisible to end users. We default every phone system deployment to encrypted calls and auto-provision devices so employees can’t skip MFA setup. When security requires extra steps, people find workarounds that create bigger holes. The preschool project succeeded because teachers never noticed the security–they just picked up phones that worked, while we locked down the backend with certificate-based device authentication and automated patch management.

Patrick Brangan, CEO & President, Centra IP Networks

More Security News