Cyber risk in 2026: What executives must know about AI, fraud, geopolitics and more

Rapid technological change, geopolitical volatility and widening capability gaps are reshaping the cyber landscape, transforming it into a catalyst for progress and vector of profound risk, according to the World Economic Forum's Global Cybersecurity Outlook 2026.

“The result is a fast-paced, metamorphic landscape,” the report states, adding that “cybersecurity is a frontier where collaboration remains not only possible, but powerful.”

The report, released ahead of the Forum's Annual Meeting in Davos, Switzerland, draws on a survey of C-Suite executives and industry experts, identifying the various trends influencing the cyberspace.

Here are the three key trends that executives will need to navigate in cybersecurity in 2026:

1. AI is supercharging the cyber arms race

AI is anticipated to be the most significant driver of change in cybersecurity in the year ahead, according to 94% of survey respondents. Technological advances indicate AI as both a force multiplier for defence and a catalyst for attackers.

As generative AI (GenAI) scales across organizations, leaders’ concerns are shifting from offensive use to unintended data exposure. In 2026, data leaks linked to GenAI (34%) now outweigh fears about adversarial AI capabilities (29%). This marks a striking reversal from previous years – in 2025, advancement of adversarial capabilities topped the list at 47% compared to only 22% for data leaks associated with GenAI. The shift underscores a turning point in the AI risk landscape for the upcoming year: while the “AI arms race” between attackers and defenders continues to intensify, attention is pivoting from purely offensive innovation with AI towards the unintended exposure and misuse of sensitive data through generative and agentic systems.

2. Geopolitics is a defining feature of cybersecurity

Geopolitics has become a defining force shaping cybersecurity in an increasingly fragmented global environment. Some 64% of organizations are accounting for geopolitically motivated cyberattacks – such as disruption of critical infrastructure or espionage.

In response to geopolitical volatility, survey respondents identified a stronger focus on threat intelligence and deeper engagement with government agencies as the top two drivers of change in their cybersecurity strategies.

Additionally, confidence in national cyber preparedness is slipping. This year, 31% of survey respondents report low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year, with start regional divides, from 84% confidence in the Middle East and North Africa to just 13% in Latin America and the Caribbean. As the gaps widen, the consequences of perceived weak preparedness are becoming increasingly tangible, exposing both organizations and individuals to rising threats such as cyber-enabled fraud.

3. Cyber-enabled fraud is threatening business and households alike

Over the course of 2025, several high-profile cyber-crime cases have dominated the headlines, with cyberattacks disrupting retail, businesses and manufacturing operations –even targeting nurseries. 73% of Global Cybersecurity Outlook survey respondents reported that they or someone in their network had been personally affected by cyber-enabled fraud over the course of 2025.

This risk had chief executive officers (CEOs) rating cyber-enabled fraud as their top concern, shifting focus from ransomware. Globally, cyber-enabled fraud is reaching record highs, and sub-Saharan Africa leads the trend, with 82% of respondents reporting exposure to digital scams, followed by North America with 79% of respondents.

While AI, geopolitical tensions and cyber-enabled fraud dominate the headlines and occupy the top concerns by executives, cyber resilience and securing complex supply chains remain under pressure.

Firstly, for major retailers the top three reported challenges to strengthening cyber resilience, according to survey data, include: the rapidly evolving threat landscape and emerging technologies (61%); third-party and supply chain vulnerabilities (46%); and cyber skills and expertise shortages (45%).

Secondly, survey data shows that supply chain exposure ranks as the top cyber risk concern among high-resilience organizations, whereas moderately resilient and insufficiently resilient organizations ranked it only fifth.

Finally, cyber capacity remains uneven across industries and regions, driven by gaps in skills, resources, and governance. While the evolving threat landscape is the top concern overall, the lack of cybersecurity expertise ranks second – particularly acute in the public sector (57%) and among NGOs (51%).

The divide is most visible between small and large organizations: 46% of small organizations report insufficient cyber expertise, compared with 29% of large organizations.

An accelerating technological age coupled with a volatile geoeconomic environment is heightening risk across the cybersecurity landscape. The growing dependency on a small number of critical digital providers remains a concern for cyber leaders, as it amplifies concentration risk across the ecosystem. Over the course of 2025, a series of outages illustrated how provider-level incidents can generate broad downstream impacts across interconnected digital ecosystems.

Additionally, over the course of 2025, economic uncertainty and geopolitical instability have become deeply intertwined, amplifying global cyber risk and complicating organizations’ ability to anticipate and mitigate emerging threats. This renewed focus on digital sovereignty reflects an urgent drive by states and organizations to safeguard autonomy, control critical assets and reduce exposure to external shocks.

Recent cyberattacks have also emphasized how deeply cybersecurity is intertwined with the broader economic landscape, inflicting tangible financial damage on businesses and national economies alike. According to United Kingdom government research, the average significant cyberattack costs businesses nearly £195,000 ($250,000). Scaled nationally, this equates to an estimated £14.7 billion ($19.4 billion) in annual economic losses.

Cybersecurity is not merely an IT function – it is a strategic business imperative and a cornerstone of national economic resilience. Beyond mitigating risk and preventing losses, it also serves as a driver of economic growth, fuelling innovation, job creation and competitiveness across industries. The Global Cybersecurity Outlook 2026 report makes clear that resilience cannot be built in isolation. In a deeply interconnected digital economy, progress depends on coordinated action across sectors, borders and value chains.