Artificial intelligence (AI), geopolitics, and cyber-enabled fraud make up the three main trends executives expect to reshape the cybersecurity landscape in 2026, according to the World Economic Forum’s Global Cybersecurity Outlook 2026.
AI is expected to be the most significant driver of change in cybersecurity in the year ahead, according to 94% of respondents. “This growing recognition is translating into concrete action across organisations,” the report said. The percentage of respondents assessing the security of AI tools increased from 37% in the 2025 outlook to 64% this year.
Simultaneously, AI vulnerabilities are accelerating at an unprecedented pace. Eighty-seven per cent of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk over the course of 2025. Widespread integration of AI systems introduces an expanded attack surface, creating novel vulnerabilities that traditional controls were not designed to address, the report said.
At the same time, security teams and adversaries are harnessing AI’s capabilities. Together, these dynamics illustrate the dual use of AI, as a force multiplier for defence and a catalyst for attackers, the report said.
The report surveyed more than 800 employees globally (including 500 C-suite leaders) between August and October last year.
Geopolitics adds further complexity for organisations. Notably, 91% of the largest organisations have changed cybersecurity strategies because of geopolitical volatility. Overall, 64% of respondents said their organisations are accounting for geopolitically motivated cyberattacks — such as disruption of critical infrastructure or espionage.
One reason organisations expect geopolitical concerns to disrupt cybersecurity strategies in 2026 is distrust in their nation’s preparedness for sophisticated cyberattacks. Thirty-one per cent of respondents reported low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year.
For CEOs, cyber-enabled fraud risks in particular are top of mind. Their focus has shifted from ransomware attacks — the biggest concern for CEOs in 2025 — to cyber-enabled fraud and phishing in 2026, as 73% of respondents said they or someone in their network had been personally affected by cyber-enabled fraud in 2025.
CEO priorities depend on resilience levels
While CEOs view cyber-enabled fraud, AI vulnerabilities, and exploitation of software vulnerabilities as the leading risks affecting their organisations this year, resilient organisations are more attuned to the evolving risks posed by advanced technologies, the report added
“Cyber-enabled fraud and phishing remain the top cybersecurity concerns for CEOs of insufficiently resilient organisations,” the report said. “However, as resilience strengthens, risk perception shifts towards emerging threats: Among CEOs of highly resilient organisations, AI-related vulnerabilities rise to the top.”
When it comes to AI risks, CEOs identify data leaks (30%) and the advancement of adversarial capabilities (28%) as the most significant security concerns related to generative AI — ahead of technical security of the AI systems (15%), increased complexity of security governance (13%), legal concerns of intellectual property and liability (9%), software supply chain and code development risks (6%).
CEOs of highly resilient organisations cite external ecosystem risks as the top challenge to cyber resilience, while less resilient peers point to funding and skills shortages.
However, cybersecurity priorities diverge between the boardroom and the front line, the report said. Chief information security officers (CISOs) are concentrating risk mitigation on ransomware attacks, supply chain disruption, and exploitation of software vulnerabilities.
“This suggests CEOs are prioritising financial loss prevention and preparing for new threats, while CISOs remain focused on operational resilience,” the report said.
— To comment on this article or to suggest an idea for another article, contact Steph Brown at Stephanie.Brown@aicpa-cima.com.
