On-the-ground analysis from our security intelligence team, highlighting the threat signals and patterns shaping today’s risk environment.

As we enter 2026, the global risk landscape continues to evolve, bringing new challenges, shifting threat patterns, and critical implications for organizations of all types.

---

This Month at a Glance

• Sustained civil unrest tied to ICE operations, with elevated protest and spillover risk
• Converging cyber-physical threats targeting critical infrastructure
• Reputational exposure for organizations perceived as aligned with federal enforcement, regardless of accuracy
• Market volatility raising insider risk and driving sudden cost-cutting that can weaken security postures
• Ongoing threats to symbolic soft targets, including religious institutions and culturally
  significant sites

What We’re Watching

Emerging trends or risks we’re keeping a close eye on right now:

 

---

Physical Risk | Civil Unrest + Spillover Violence Linked to ICE Activity
Signal Strength: High

Based on pattern analysis of prior enforcement-driven unrest cycles (2020–2024), we assess continued protest activity through Q2 2026, with the highest volatility occurring following large-scale enforcement actions or viral social media narratives. ICE has added over 12,000 new agents (120% increase) and six Boeing 737s acquired for deportation operations. Other related risks include:

• Violent Fringe Activity: Most protests remain peaceful, but fringe anarchist and anti-capitalist
  groups have escalated to arson, sabotage, and armed attacks on federal buildings and affiliated
  sites.
• Crowd Cover Tactics: Violent actors blend into lawful protests, using crowds as distraction to
  launch targeted actions.
• Spillover Threat: This creates increased risk for adjacent businesses, public spaces, and contractors—especially those perceived as connected to federal operations.

What this means for security leaders:

• Expect sustained tension: Protests and enforcement-related unrest are likely to continue for the foreseeable future, with periodic spikes in risk rather than isolated, one-time events.
• Disinformation moves fast: Activist messaging networks can quickly amplify false or misleading narratives, accelerating protest turnout and unpredictability.
• Stay alert around key locations: Elevate vigilance around government buildings, downtown areas, transit hubs, and sites associated with federal personnel or immigration enforcement.

Ongoing context and real-time reporting
Rozin Security has been publishing weekly, and at times daily, bulletins assessing heightened security risks in Minneapolis tied to ongoing ICE operations. Read the latest report here.

 

---

Reputational Risk | Spillover from Federal Enforcement Association
Signal Strength: Moderate

• Organizations perceived as supporting ICE face elevated reputational and protest risk, regardless of the accuracy of those associations. Ongoing demonstrations and media narratives can quickly extend pressure to adjacent organizations, facilities, vendors, or landlords.
• Separately, the pending Supreme Court decision in Louisiana v. Callais (expected June 2026) is likely to limit Section 2 of the Voting Rights Act, potentially reducing representation across multiple congressional districts. While current impacts are legal and political rather than violent, lasting feelings of exclusion have historically correlated with heightened civil tension and mobilization.

What this means for security leaders:

• Perception becomes a risk vector: Proximity or assumed alignment may be enough to trigger demonstrations or disruptions.
• Monitor narratives, not just facts: Stay ahead of online sentiment that may drive real-world action.

 

---

Operational Risk | Critical Infrastructure
Signal Strength: Medium

Cyber threats to critical infrastructure remain a primary concern, with nation-state actors from China, Russia, and Iran sustaining pre-positioning on U.S. networks, heightening the likelihood of disruptive attacks on operational technology.

Cyber attacks, such as ransomware, remain common, frequently causing system outages, service disruptions, and operational downtime—especially where contingency planning is limited.

What this means for security leaders:

• Treat threats as converged: Cyber, physical, facilities, and operations teams must align.These domains are no longer separate in today’s threat environment.
• Break down silos: Establish fast, direct communication channels across departments to ensure coordinated response and awareness.
• Test contingency plans: Review downtime protocols, including manual overrides, backup comms, and staff surge coverage, especially at critical infrastructure points.

 

---

 

Strategic Risk | Shifts in U.S. Strategic Posture
Signal Strength: Medium

• The latest U.S. National Security Strategy marks a clear pivot toward homeland defense and stronger regional control across the Americas. The focus is now on threats closer to home—such as mass migration, drug trafficking, transnational crime, and increasing foreign (especially Chinese) influence on critical infrastructure and key trade routes like the Panama Canal.
• Venezuela remains a key concern. On January 3, 2026, U.S. forces carried out strikes in Caracas, capturing President Nicolás Maduro and his wife, Cilia Flores. Both were transported to the U.S. to face federal charges tied to narcotics and terrorism. Maduro was arraigned in New York shortly after. The operation reflects growing concerns over Venezuela’s ties to Russia, China, and Iran, and its role in fueling migration and organized crime.
• The new strategy includes:
  • Expanded Coast Guard and Navy operations
  • Enhanced maritime and trade route security
  • Increased counter-cartel and migration interdiction efforts
  • Economic focus on near-shore supply chains to reduce global shock exposure

What this means for security leaders:

• Critical infrastructure is now a high-value target: Ports, utilities, telecom hubs, data centers, and chokepoints will attract more interest from nation-states, cartels, and proxies.
• Reassess: 1) Site hardening and access control measures; 2) Insider threat programs and employee risk monitoring; and 3) Cyber–physical integration across facilities and operations
• Focus especially on regions tied to trade, logistics, and energy.

 

---

Financial Risks | Market Volatility
Signal Strength: Low

• Billionaire investor Ray Dalio warns that the U.S. national debt—now $38 trillion—is unsustainable. He forecasts a potential monetary crisis, where the government either prints money or faces default.
• Rising global tensions could trigger a “capital war” where currency and capital flows become strategic weapons, eroding trust in U.S. assets.
• Dalio also flags early signs of an AI investment bubble, with inflated valuations driving market volatility and fueling economic uncertainty heading into 2026.

What this means for security leaders:

• Prepare for operational disruption: Market swings often trigger layoffs, closures, or rapid cost-cutting—weakening physical and personnel security.
• Watch for insider risk: Financial stress, compensation uncertainty, or equity loss can lead to disengagement or opportunistic behavior among high-access employees.
• Tighten controls:
  • Strengthen offboarding protocols
  • Review access revocation timelines
  • Enhance monitoring for insider threat indicators

 

---

 

What’s Flying Under the Radar?

Physical Security Risk | Religion-Based Targeting
Signal Strength: Low/Moderate

Targeting of religious institutions (churches, synagogues, and mosques) has remained elevated globally, with trends continuing through 2025 and early 2026. Specifics include:

• In 2025 releases, the Family Research Council, a non-profit research and educational organization, documented 415 hostile acts against U.S. churches in 2024, a level that remains elevated despite a decline from 2023.
• FBI hate crime data (Aug 2025) shows 11,679 total incidents in 2024; 23.5% were religion-based.
• The ADL’s 2025 Audit documented 9,354 antisemitic incidents in the U.S. in 2024, remaining at historically high levels.
• In the U.K., CST tracked 1,521 antisemitic incidents in just the first half of 2025, frequently linked to Israel-Palestine tensions and broader geopolitical narratives.
• A joint ADL–Jewish Federations study found 55% of U.S. Jews experienced antisemitism in the prior year, with many reporting it as a routine part of daily life.

What this means for security leaders:

• Prioritize community engagement: Trusted relationships improve awareness of emerging threats.
• Harden soft targets: Implement visible yet approachable security during services and high-attendance events.
• Stay ahead of flashpoints: Increase vigilance during geopolitical flare-ups, high-holiday observances, or societal tension
• Audit threat-reporting pathways to ensure signals are captured early—even from informal or community-based sources.

 

---

 

Analyst-to-Analyst

What’s one piece of practical advice you’d offer a peer managing risk at their organization?

Don’t underestimate the prep work before travel, especially in today’s risk climate. Whether it’s for your team, an executive, or a high-profile client, the context on the ground changes fast.

Before anyone heads to a new location, take time to understand what’s actually happening there. Observe things like local unrest, political tensions, or health-related disruptions. Tailored briefings can make all the difference when decisions need to be made quickly or quietly.

 

---

 

For organizations requiring tailored threat intelligence, executive travel briefings, or embedded analytic support, contact our Intelligence Division at info@rozinsecurity.com