Cybersecurity experts have warned that organisations must stop relying on workers to spot online scams because artificial intelligence (AI) is making deception almost impossible to detect.

Speaking at the Future of Cybersecurity Newcastle 2026 conference alongside other keynote speakers recently, Emmanuel Olorunnisola, Group Security Operations Intelligence Manager, Mott MacDonald Limited and Bennet Morka, Information Security Strategy and Governance Leader, Mott MacDonald Limited, alerted business leaders, government agencies and technology professionals on the continued threat from ransomware and data extortion groups targeting organisations across multiple sectors.

The Future of Cyber Security Conference series aims to help businesses to stay one step ahead of attackers through several insightful sessions not available at any other security conference.

In addition to extensive peer-to-peer networking opportunities, The Future of Cyber Security 2026 series also facilitates direct access between senior decision-makers and leading suppliers of cyber security products and services.

Addressing participants, including security leaders, practitioners and decision-makers at the conference during their sessions, the duo said in a world where AI can perfectly imitate voices, videos and messages, companies must stop trying to “fix the human” and instead redesign the systems people use.

They argued that the long-trusted idea of the “human firewall” is beginning to collapse under the weight of AI deception and the growing threat of quantum computing.

In his opening speech at the conference, which had over 500 security professionals and executives in attendance within the Northeast part of England, Emmanuel Olorunnisola, who is a global Cyber & Quantum Security Strategist, described a cyber landscape where criminals no longer need crude phishing emails filled with spelling mistakes.

He explained that attackers are now using generative AI tools to clone executives’ voices, create realistic video calls and produce highly convincing messages tailored to individual employees.

He pointed to a dramatic rise in AI-powered scams in recent months. According to figures he presented during the lecture, AI-generated phishing attacks surged fourteenfold in late 2025 and now account for more than half of all phishing traffic worldwide.

Olorunnisola warned that hostile states and organised criminal groups are already stealing encrypted information today in the hope of decrypting it later once quantum computers become powerful enough.

The tactic, known as “Harvest Now, Decrypt Later”, means stolen data may sit unread for years before suddenly becoming accessible.

He stressed that this is not a distant theory but an active security problem happening right now.

“If your data needs to remain confidential for more than five years, it may already be at risk,” he told delegates.

Deepfake fraud has also exploded. More than forty percent of organisations are said to have experienced deepfake impersonation attacks targeting senior executives.

On his part, Bennet Morka, Senior Information Security leader, asked rhetorically, “If an employee receives a voice note from their finance director authorising an urgent transfer, and that voice sounds exactly like the real person, how can we realistically expect staff to detect the fake?”

He argued that businesses have unfairly blamed workers for cyber breaches when the real weakness lies within poorly designed systems.

Morka said many organisations are already building future vulnerabilities into their infrastructure by buying systems today that may not support future post-quantum standards.

“If you are investing in hardware that will still be running ten years from now and it cannot support quantum safe security, you are creating tomorrow’s crisis today,” he said.

Bennet extended that argument into the practical reality of how organisations currently manage people as a security risk. Much of that measurement, he suggested, is pointing in the wrong direction. Tracking how many users click on a simulated phishing email or complete an annual training module gives the appearance of oversight without much of the substance.

The speakers warned that traditional cyber awareness training is rapidly losing value in an AI-deceptive world, adding that, ‘’teaching workers to spot the signs of fraud may no longer be enough when fake audio and video can become mathematically perfect.’’

The pair said organisations should stop treating staff as the final line of defence but move towards what they called “augmented awareness”, where employees validate processes and intent rather than attempting to judge whether digital content is real.

The speakers then turned to what they described as a slower but equally dangerous threat, quantum computing.

While AI attacks trust in the present, they said quantum technology could destroy trust in the future by breaking the encryption systems that currently protect sensitive data.

Industries holding infrastructure designs, financial records, health information or national security material were singled out as particularly vulnerable.

The speakers highlighted growing pressure from authorities for organisations to prepare for the transition to post-quantum cryptography.

Under timelines discussed during the event, businesses are expected to begin discovery and migration planning within the next few years, while high-priority systems may need to complete migration by the early 2030s.

They cautioned that moving to post-quantum security will not be simple, explaining that newer encryption standards often require larger keys and more computing power, potentially creating performance problems for older networks, industrial systems and internet-connected devices.

The speakers repeatedly returned to the need for what they called “Trust by Design” architecture.

Under this model, critical actions such as approving payments or accessing sensitive systems would require stronger forms of verification rooted in cryptography rather than passwords, emails or voice confirmation.

The lecture highlighted technologies such as passkeys, hardware security modules and continuous authentication as examples of “immutable trust anchors” that cannot easily be copied by AI-generated deception.

Morka urged companies to stop measuring cyber awareness success solely through phishing tests and instead assess how many important processes could still be executed if one staff account became compromised.

Cybersecurity, they said, is no longer just about installing better software or responding faster to attacks. It is about recognising the limits of human perception in an era where technology can imitate reality itself.

The speakers cautioned that the transition to post-quantum security will be far from simple.

They explained that newer encryption standards often impose a “Performance Tax,” requiring larger keys and significantly more computing power. This shift could trigger “Protocol Fragility,” creating critical performance bottlenecks for older network architectures, legacy industrial control systems, and constrained internet-connected devices.

Throughout the session, Olorunnisola and Morka repeatedly returned to the urgent need for what they termed “Trust-by-Design” architecture.

Under this model, the traditional reliance on human judgment is replaced by a system where critical actions such as approving high-value payments or accessing sensitive infrastructure will require stronger forms of Cryptographic Attestation. This moves verification away from fallible passwords, emails, or voice confirmations, which are now easily spoofed by generative AI.

The lecture highlighted a suite of technologies, including FIDO2/Passkeys, Hardware Security Modules (HSMs), and Continuous Authentication, as examples of “Immutable Trust Anchors.” These hardware-backed defences provide a verifiable root of truth that cannot be replicated by even the most sophisticated AI-generated deception.

Morka issued a challenge to the boardroom, urging companies to stop measuring cyber awareness success solely through flawed metrics like phishing tests. Instead, he proposed a new governance standard: assessing “Process Resilience” specifically, how many mission-critical processes could still be executed if a single staff account became compromised.

Cybersecurity, they argued, is no longer just about installing better software or increasing the speed of response. It is about recognising the fundamental limits of human perception in an era where technology can now imitate reality with mathematical perfection.

For Emmanuel Olorunnisola, the conclusion was definitive: “The future of security is not about trusting what you see or hear; it is about building systems where trust must always be cryptographically proven.”