Amid continuing geopolitical fragmentation and the ever-increasing spread of AI, threats to global cybersecurity have never been higher, according to a new survey.
The World Economic Forum’s 2026 Global Cybersecurity Outlook, based on responses from 804 C-suite executives, academics, civil society and public-sector cybersecurity leaders from 92 countries, reports that 94% of survey respondents expect AI to be the most significant driver of change in cybersecurity in the year ahead.
As organisations embrace AI and automation more widely, so awareness of the imperative for greater security is increasing. This year nearly twice as many respondents report that they have put in place processes to gauge the security of AI tools.
Perceptions of the cyber risks that will drive cybersecurity strategies also focus heavily on AI, with 87% of respondents putting AI vulnerabilities top of the list. The report comments that the pace at which organisations are taking up and deepening their use of AI is creating weaknesses that traditional controls were not designed to address. And while AI offers new means to strengthen cyber defences, criminals are also harnessing its capabilities to enhance the scale, speed, sophistication and precision of their attacks.
Geopolitics remains the dominant influence on cyber risk mitigation strategies, with nearly two-thirds of organisations accounting for threats such as state-linked espionage and attacks on critical infrastructure.
The proportion of survey participants expressing a lack of confidence in their nation’s ability to respond effectively to major cyber incidents rose to 31%, up from 26% last year, reflecting the sense of uncertainty and vulnerability. However, the average masks a marked difference between regions, with Middle East and North Africa at one end of the spectrum and Latin America and the Caribbean at the other.
Despite its leading role in protecting critical infrastructure, the public sector shows comparatively low confidence in national preparedness, with nearly a quarter (23%) of organisations reporting inadequate cyber-resilience capabilities, compared with 11% in the private sector. At C-suite level, less than half of all private-sector CEOs are confident in their country’s preparedness to respond to major cyber incidents targeting critical infrastructure.
In relation to generative AI (GenAI), CEOs are primarily concerned about the potential for exposure of proprietary data, and the growing sophistication of cyber attackers.
Leaders of highly resilient organisations rank external ecosystem risks as the primary barrier to cyber resilience, while their less resilient counterparts emphasise budget constraints and talent shortages, the report says.
CEOs in Europe and North America are the most confident in the skills level of their people, with two-thirds reporting that their organisation has adequate skills to meet cybersecurity goals. CEOs from Sub-Saharan Africa, Latin America and the Caribbean recognise a significant shortfall.
