Cybersecurity risk will accelerate this year, fueled by advances in AI, deepening geopolitical fragmentation and the complexity of supply chains, the World Economic Forum (WEF) says in its annual Global Cybersecurity Outlook.
The way to combat it, however, isn’t new, the report adds. “Ultimately, strengthening collective cyber resilience has become both an economic and a societal imperative. Cybersecurity is a frontier where collaboration remains not only possible, but powerful — a reminder that, even amid fragmentation, economic strain and uncertainty, collective action can drive progress for all.”
The coming year will test not only global technological preparedness but also the capacity to align policy, ethics, and collaboration in defending an increasingly digital world, the report says.
Issued Monday, the 64 page report is based partly on answers to 19 questions from a survey last fall responded to by 804 C-suite executives, academics, civil society and public-sector cybersecurity leaders in 92 countries. That included 316 CISOs. Additional material was gathered from workshops, including a session with 21 executives from the forum’s Centre for Cybersecurity’s CISO community.
This is the fifth annual cybersecurity report from the WEF. Last year’s edition found that a series of compounding factors — geopolitical tension, intricate supply chains, regulatory proliferation and rapid technological adoption — were creating an era of escalating complexity and unpredictability, and this year’s continues the theme.
Among the latest report’s main findings:
AI is anticipated to be the most significant driver of change in cybersecurity in 2026, according to 94% of survey respondents;
87% of respondents said AI-related vulnerabilities had increased in the past year. Other cyber risks that had increased were (in order) cyber-enabled fraud and phishing, supply chain disruption, and exploitation of software vulnerabilities;
confidence in national cyber preparedness continues to erode, with 31% of survey respondents reporting low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year. Confidence levels vary greatly across regions, with 84% of respondents from the Middle East and North Africa being confident in their country’s ability to protect critical infrastructure, and only 38% of North American respondents confident their countries were prepared;
asked to rate their own organization’s cyber resilience, 23% of representatives from public sector and international organizations thought their readiness was insufficient. By contrast, only 11% of private sector respondents thought negatively about their firms;
91% of organizations with more than 100,000 employees have changed their cybersecurity strategies due to geopolitical volatility.
Interestingly, CEOs and CISOs weren’t always on the same page when it came to rating cyber risks for their organizations. In the 2025 survey, most CEOs said ransomware, cyber-enabled fraud and phishing, and supply chain disruption were their biggest cyber concerns. This year, cyber-enabled fraud and phishing shifted to number one, followed by AI vulnerabilities and exploitation of software vulnerabilities.
On the other hand, while most CISOs also said ransomware was their top concern in the 2025 survey, they reversed the CEO’s order to list supply chain disruption second, then cyber-enabled fraud and phishing. And in the latest survey, ransomware and supply chain disruption were still the top two, but the third worry is now exploitation of software vulnerabilities.
This suggests that CEOs tend to be more concerned about the broader business impacts of frauds, the report says, while for CISOs, the concern over ransomware reflects the significant operational disruption a successful ransomware attack can inflict on the availability of critical information technology (IT) and operational technology (OT) systems.
Related content: 8 things CISOs can’t afford to get wrong in 2026
The WEF report focuses on AI because leaders believe it will be the most significant driver of change in cybersecurity this year. The widespread integration of AI systems adds an expanded attack surface that creates novel vulnerabilities that traditional security controls were not designed to address, the report says. In addition, threat actors are leveraging AI to enhance the scale, speed, sophistication, and precision of their attacks.
However, defenders can also use AI, to strengthen their cyber capabilities. But, the report stresses, “AI’s benefits are contingent on disciplined execution. Poorly implemented solutions can introduce new risks — misconfiguration, biased decision‑making, over‑reliance on automation, and susceptibility to adversarial manipulation — unless organizations embed robust guardrails, security‑by‑design practices and continuous monitoring.”
“The implication is clear,” says the report. “AI can improve cybersecurity, but only when deployed within sound governance frameworks that keep human judgement at the center. At the same time, too many controls can create friction, so it is essential to strike a careful balance.”
One sign this may already be happening: 64% of respondents said their organization has a process in place for assessing the security of AI tools before deploying them, up from 37% in the previous survey in the fall of 2024.
The survey data shows 77% of respondents said their organizations have adopted AI for cybersecurity, primarily to enhance phishing detection (52%), intrusion and anomaly response (46%), and user behavior analytics (40%).
But when asked about the practical challenges of adopting AI for cybersecurity, respondents listed insufficient knowledge and/or skills (54%), the need for human oversight (41%), and uncertainty about risk (39%) as the main hurdles. These findings indicate that trust is still a barrier to widespread AI adoption, the report concludes.
“As organizations navigate the integration of AI into their security operations, the balance between automation and human judgement becomes increasingly critical,” says the report. “While AI excels at automating repetitive, high-volume tasks, its current limitations in contextual judgement and strategic decision making remain clear. Over-reliance on ungoverned automation risks creating blind spots that adversaries may exploit.”
Related content: Cybercrime is moving beyond financial gains
While AI continues to dominate the cybersecurity landscape, several other technologies and threat vectors are quietly gaining traction in the background and are expected to affect cybersecurity by 2030, says the report.
These include autonomous systems and robotics, quantum technologies, digital currencies, space technologies and undersea cables, and natural disasters and climate change. By the end of the decade, autonomous systems will be a near-term factor, from AI assisting in analysis to its directing of physical actions in factories, logistics, healthcare and public spaces. This evolution could create a new cyber‑physical risk profile, where machine‑executed decisions can alter safety and service quality within seconds, compressing detection and response windows.
By 2030, quantum technology will have evolved from a theoretical disruptor into a selective but material threat to cryptography, the report predicts. State-level or well-resourced actors may be capable of quantum-accelerated attacks on high-value targets, even as full-scale code breaking remains rare. At the same time, defenders will harness quantum-enhanced analytics and sensing for anomaly detection, creating a dynamic attacker-defender race.
Ultimately, the report concludes, building a secure digital future requires more than technical solutions. “It calls for decisive leadership, shared accountability, and a commitment to lifting the collective baseline — ensuring that resilience is accessible to all, not just the most well-resourced. As the boundaries between digital and physical worlds continue to blur, the organizations that thrive will be those that recognize cyber resilience as a shared, strategic responsibility — one that underpins trust, enables innovation and safeguards the interconnected foundations of global society.”
No Responses