# Global Cybersecurity Outlook 2026

INSIGHT REPORT

JANUARY 2026

# Contents

- Foreword
- Executive summary
- 1 Five years of the Global Cybersecurity Outlook
- 2 The view from the top: CEOs' priorities in a shifting cyber landscape
- 3 The trends reshaping cybersecurity
  - 3.1 AI is reshaping risk, accelerating both offence and defence
  - 3.2 Geopolitics is a defining feature of cybersecurity
  - 3.3 The evolving landscape of cybercrime: AI, fraud and the global response
  - 3.4 Cyber resilience is the key to safeguarding economic value
  - 3.5 Securing supply chains amid opacity and concentration risks
  - 3.6 Drivers of cyber inequity in 2026
  - 3.7 Future threat vectors are emerging in silence
- Conclusion
- Appendix: Methodology
- Contributors
- Endnotes

# Disclaimer

This document is published by the World Economic Forum as a contribution to a project, insight area or interaction. The findings, interpretations and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum, nor the entirety of its Members, Partners or other stakeholders.

© 2026 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.

# Foreword

Jeremy Jurgens, Managing Director, World Economic Forum

In an era defined by accelerating technological change, persistent geopolitical volatility and widening capability gaps, the cyber landscape has become both a catalyst for progress and a vector of profound risk. Cybersecurity risk in 2026 is accelerating, fuelled by advances in AI, deepening geopolitical fragmentation and the complexity of supply chains.
These shifts are compounded by the enduring sovereignty dilemma and widespread cyber inequity, two factors that expose systemic vulnerabilities. The result is a threat environment where the speed and scale of attacks are testing the limits of traditional defences.

Paolo Dal Cin, Global Cybersecurity Lead, Accenture

Now in its fifth year, the Global Cybersecurity Outlook has become an authoritative reference, empowering leaders with the insights they need to navigate cyber challenges, as well as an important instrument with which to redefine business strategy, enterprise investments and government initiatives and seize the opportunities of today's cybersecurity landscape.

By examining leaders' perspectives and highlighting the priorities that drive success, this report delivers a clear message: cybersecurity is not predetermined. Its future depends on the choices we make today. By investing in foresight, capability and innovation, and by strengthening collaboration across industries, sectors and national boundaries, we can transform volatility into momentum and build a safer, more resilient digital future together.

# Executive summary

Cybersecurity in 2026 is accelerating amid growing threats, geopolitical fragmentation and a widening technological divide. Artificial intelligence (AI) is transforming cyber on both sides of the fight – strengthening defence while enabling more sophisticated attacks. Organizations are striving to balance innovation with security – embracing AI and automation at scale, even as governance frameworks and human expertise struggle to keep pace. The result is a fast-paced, metamorphic landscape where disruptions move swiftly across borders, even as technology offers new potential for resilience.

This year's report examines the intersection of AI adoption and cyber readiness, and the emerging disparities that innovation creates.
On the geopolitical front, fragmentation and sovereignty concerns are reshaping cooperation and trust among nations. Hybrid threats and escalating cyberattacks reflect the increasing volatility of the global environment. From an economic perspective, unequal access to resources and expertise continues to widen cyber inequity. Ultimately, strengthening collective cyber resilience has become both an economic and a societal imperative. Cybersecurity is a frontier where collaboration remains not only possible, but powerful – a reminder that, even amid fragmentation, economic strain and uncertainty, collective action can drive progress for all.

These are three key trends that executives will need to navigate in cybersecurity in 2026:

# 1. AI is supercharging the cyber arms race

AI is anticipated to be the most significant driver of change in cybersecurity in the year ahead, according to 94% of survey respondents (see Appendix: Methodology for more information about the survey). This growing recognition is translating into concrete action across organizations. The percentage of respondents assessing the security of AI tools has nearly doubled from the previous year, from 37% in 2025 to 64% in 2026.

FIGURE A: Percentage of organizations with processes in place to assess AI security

Does your organization have a process in place to assess the security of AI tools before deploying them?

At the same time, AI vulnerabilities are accelerating at an unprecedented pace: 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk over the course of 2025.

FIGURE B: Perception of increase or decrease in cyber risks over the past year

In the past year, do you think the following cyber risks have increased, decreased or stayed the same?

# 2. Geopolitics is a defining feature of cybersecurity

In 2026, geopolitics remains the top factor influencing overall cyber risk mitigation strategies.
Some 64% of organizations are accounting for geopolitically motivated cyberattacks – such as disruption of critical infrastructure or espionage.

FIGURE C: Top considerations for cyber risk mitigation strategies

Which of the following does your organization consider in its overall cyber risk mitigation strategy? (select all that apply)

Notably, 91% of the largest organizations<sup>1</sup> have changed their cybersecurity strategies due to geopolitical volatility.

FIGURE D: How organizations have adapted cybersecurity strategies amid geopolitical volatility

Has your organization's cybersecurity strategy evolved because of geopolitical volatility?

In the context of geopolitical volatility, confidence in national cyber preparedness continues to erode, with 31% of survey respondents reporting low confidence in their nation's ability to respond to major cyber incidents, up from 26% last year. Confidence levels vary greatly across regions. Respondents from the Middle East and North Africa express a high degree of confidence in their country's ability to protect critical infrastructure (84%), while confidence is lower among respondents in Latin America and the Caribbean (13%).

FIGURE E: Regional overview: Confidence in national cyber response to critical infrastructure attacks

How confident are you in the preparedness of the country in which you are based to respond to major cyber incidents targeting critical infrastructure?

Recent incidents affecting key infrastructure, such as airports and hydroelectric facilities, continue to call attention to these concerns. Despite its central role in safeguarding critical infrastructure, the public sector reports markedly lower confidence in national preparedness. Some 23% of public-sector organizations reported having insufficient cyber-resilience capabilities.

FIGURE F: Perception of insufficient cyber resilience by sector

# 3. Cyber-enabled fraud is threatening CEOs and households alike

In the survey, 73% of respondents reported that they or someone in their network had been personally affected by cyber-enabled fraud over the course of 2025.

FIGURE G: Prevalence of cyber-enabled fraud (all respondents)

Have you or anyone in your professional/personal network been affected by cyber-enabled fraud in the past 12 months? (select all that apply)

Chief executive officers (CEOs) rate cyber-enabled fraud as their top concern, shifting focus from ransomware to emerging risks such as cyber-enabled fraud and AI vulnerabilities. Chief information security officers (CISOs), by contrast, remain concerned about ransomware and supply chain resilience. This reflects how cybersecurity priorities diverge between the boardroom and the front line.

TABLE 1: Ranking of CEOs' and CISOs' cyber risk concerns for their organizations

<table>
<tr><td colspan="5">Which cyber risks concern you most for your organization?</td></tr>
<tr><td>Rank</td><td colspan="2">Chief executive officer (CEO)</td><td colspan="2">Chief information security officer (CISO)</td></tr>
<tr><td></td><td>2025</td><td>2026</td><td>2025</td><td>2026</td></tr>
<tr><td>1</td><td>Ransomware attack</td><td>Cyber-enabled fraud and phishing</td><td>Ransomware attack</td><td>Ransomware attack</td></tr>
<tr><td>2</td><td>Cyber-enabled fraud and phishing</td><td>AI vulnerabilities</td><td>Supply chain disruption</td><td>Supply chain disruption</td></tr>
<tr><td>3</td><td>Supply chain disruption</td><td>Exploitation of software vulnerabilities</td><td>Cyber-enabled fraud and phishing</td><td>Exploitation of software vulnerabilities</td></tr>
</table>

# 1 Five years of the Global Cybersecurity Outlook
Over the past year, cyberspace has become deeply intertwined with geopolitics, the global economy and the daily lives of individuals and institutions alike. A new generation of cyber incidents has exposed the fragility of these connections: disruptions in retail and manufacturing chains, aviation slowdowns, intrusions into public-sector systems and hyperscale cloud outages. Each event underscored how tightly interlinked the digital ecosystem has become – where a single local fault or targeted attack can rapidly cascade into global-scale consequences.

In 2026, cybersecurity will continue to evolve across technological, geopolitical, economic and strategic dimensions. In this landscape, cybersecurity is no longer a backroom technical function; it is a core strategic concern for governments, businesses and societies. The coming year will test not only global technological preparedness but also the capacity to align policy, ethics and collaboration in defending an increasingly digital world.

Over the past five years, the Global Cybersecurity Outlook has traced the developments in risks related to the digital landscape – from the urgency of the pandemic-driven digitalization to today's environment of accelerating complexity, fragmentation and technological transformation.

The 2022 edition captured a world adapting to unprecedented connectivity. As organizations raced to digitize operations during the COVID-19 pandemic, the report warned of widening capability gaps that left smaller institutions and nations struggling to defend their increasingly digital infrastructure.

By 2023, cyber risk had become inseparable from geopolitics. The report documented how escalating geopolitical instability and supply chain interdependencies reshaped corporate priorities.

The 2024 edition described a world of polarization and uneven progress.
The cybersecurity economy grew faster than the global economy, but this growth masked deepening cyber inequity between resilient, well-resourced organizations and those falling behind.

In 2025, the fourth edition found that a series of compounding factors – geopolitical tension, intricate supply chains, regulatory proliferation and rapid technological adoption – were creating an era of escalating complexity and unpredictability.

Across these four years and leading into the fifth, one theme stands out: collaboration has become indispensable in a fragmented world facing rising threats, a widening tech divide and growing inequity that risk deepening the cyber resilience gap.

# 2 The view from the top: CEOs' priorities in a shifting cyber landscape

The Global Cybersecurity Outlook 2026 survey gathered insights from more than 100 CEOs across industries and regions. Their responses offer a unique lens into how leaders perceive the evolving cyber landscape.

# Threat landscape

# Cyber-enabled fraud is CEOs' top concern, while ransomware remains the primary concern for CISOs

In 2025, CEOs were most concerned about ransomware attacks, followed by cyber-enabled fraud. In 2026, their priorities shifted, with cyber-enabled fraud and phishing taking the top spot and AI vulnerabilities emerging second. For CISOs, the top risks showed strong continuity, with ransomware attacks remaining the leading concern and supply chain disruption consistently holding second place across both years. This suggests CEOs are prioritizing financial loss prevention and preparing for new threats, while CISOs remain focused on operational resilience.
TABLE 2: Ranking of CEOs' and CISOs' cyber risk concerns for their organizations

<table>
<tr><td colspan="5">Which cyber risks concern you most for your organization?</td></tr>
<tr><td>Rank</td><td colspan="2">Chief executive officer (CEO)</td><td colspan="2">Chief information security officer (CISO)</td></tr>
<tr><td></td><td>2025</td><td>2026</td><td>2025</td><td>2026</td></tr>
<tr><td>1</td><td>Ransomware attack</td><td>Cyber-enabled fraud and phishing</td><td>Ransomware attack</td><td>Ransomware attack</td></tr>
<tr><td>2</td><td>Cyber-enabled fraud and phishing</td><td>AI vulnerabilities</td><td>Supply chain disruption</td><td>Supply chain disruption</td></tr>
<tr><td>3</td><td>Supply chain disruption</td><td>Exploitation of software vulnerabilities</td><td>Cyber-enabled fraud and phishing</td><td>Exploitation of software vulnerabilities</td></tr>
</table>

# CEOs of highly resilient companies are concerned about AI vulnerabilities

Cyber-enabled fraud and phishing remain the top cybersecurity concerns for CEOs of insufficiently resilient organizations. However, as resilience strengthens, risk perception shifts towards emerging threats: among CEOs of highly resilient organizations, AI-related vulnerabilities rise to the top. This suggests that resilient organizations are more attuned to the evolving risks posed by advanced technologies.

TABLE 3: CEO survey responses, segmented by organizational resilience level

<table>
<tr><td>Which cyber risks concern you most for your organization?</td><td>High resilience (rank)</td><td>Insufficient resilience (rank)</td></tr>
<tr><td>AI vulnerabilities</td><td>1</td><td>4</td></tr>
<tr><td>Cyber-enabled fraud and phishing</td><td>2</td><td>1</td></tr>
<tr><td>Supply chain disruption</td><td>3</td><td>7</td></tr>
<tr><td>Exploitation of software vulnerabilities</td><td>4</td><td>3</td></tr>
<tr><td>Ransomware attack</td><td>5</td><td>2</td></tr>
<tr><td>Insider threat</td><td>6</td><td>6</td></tr>
<tr><td>Denial-of-service attacks</td><td>7</td><td>5</td></tr>
</table>

# Data leaks and advancement of adversarial capabilities dominate CEOs' concerns about generative AI

CEOs identify data leaks (30%) and the advancement of adversarial capabilities (28%) as the most significant security concerns related to generative AI (genAI). These two risks stand out clearly above others, indicating that exposure of proprietary data through genAI and the growing sophistication of cyber attackers are the primary issues on CEOs' radars for 2026.

FIGURE 1: CEOs' perception of key AI security risks

Which cybersecurity issue related to genAI concerns you the most?

# Geopolitics

# Private-sector CEOs question national readiness for major cyberattacks on critical infrastructure

Less than 45% of all CEOs from the private sector are confident in their country's ability to respond to major cyber incidents targeting critical infrastructure.

How confident are you in the preparedness of the country in which you are based to respond to major cyber incidents targeting critical infrastructure?
FIGURE 2: CEOs' confidence in national responses to cyberattacks on critical infrastructure

Cybersecurity is the foundation for our digital world. It is at the heart of trust and will allow society to fully benefit from the transformations enabled by new technologies like AI and quantum. But it's not something one can do on their own. We have to come together, share intelligence globally and develop the skills equal to emerging risks. Society knows what's at stake if we get this wrong. It's critical that we get it right. If we do, we'll be able to deliver on the many possibilities for so many people around the world.

Michael Miebach, Chief Executive Officer, Mastercard

# CEOs of highly resilient organizations prioritize threat intelligence and information sharing to address geopolitical volatility

Some 52% of CEOs of highly resilient organizations are prioritizing threat intelligence on nation-state actors, compared to 13% of CEOs of insufficiently resilient organizations. Similarly, 48% of CEOs of highly resilient organizations are increasing collaboration with government agencies and information-sharing groups, whereas only 6% of CEOs of insufficiently resilient organizations report doing so. This indicates that resilience is no longer built in isolation. It is achieved through shared intelligence and partnerships.

FIGURE 3: CEOs' views on the evolution of cybersecurity strategy amid geopolitical volatility, by organizational resilience level

Has your organization's cybersecurity strategy evolved because of geopolitical volatility? (select all that apply)

# CEOs of highly resilient organizations cite external ecosystem risks as the top challenge to cyber resilience, while less resilient peers point to funding and skills shortages

As organizational resilience improves, CEOs increasingly shift their attention from internal resource constraints, such as funding or skills shortages, to broader ecosystem risks.
In the survey, 78% of CEOs of highly resilient organizations identify supply chain and third-party dependencies as the most significant challenge to further strengthening resilience. On the other hand, cybersecurity skills shortage (56%) and lack of funds (63%) were the top challenges identified by CEOs of insufficiently resilient organizations to improve their cyber resilience.

FIGURE 4: CEOs' greatest challenge to becoming cyber resilient, by organizational resilience level

What is your organization's greatest challenge to becoming cyber resilient?

Legend: CEO of highly resilient organization; CEO of insufficiently resilient organization

# CEOs of highly resilient organizations integrate security into their procurement process to address supply chain risk

CEOs of highly resilient organizations integrate security into their procurement process (70%) and prioritize supplier-maturity assessments (59%) to address supply chain risk.

FIGURE 5: CEO approaches to supply chain risk management, by organizational resilience level

How does your organization address supply chain cyber risk? (select all that apply)

Legend: CEO of highly resilient organization; CEO of insufficiently resilient organization

# CEOs from sub-Saharan Africa, Latin America and the Caribbean face the greatest cyber skills shortages

Outside of Europe and North America, more than half of CEOs admit lacking the skills to achieve current cybersecurity goals, with sub-Saharan Africa (70%) and Latin America and the Caribbean (69%) facing the greatest gaps.

Does your organization's workforce have the skills needed to achieve its current cybersecurity objectives?
FIGURE 6: CEOs' views on whether their organization's workforce has the skills for current cybersecurity objectives, by region

Legend: Yes, we have the people and skills we need today; No, we are missing critical people and skills

# 3 The trends reshaping cybersecurity

As organizations confront AI threats, geopolitical volatility and supply chain vulnerabilities, the need for resilience has never been clearer.

# 3.1 AI is reshaping risk, accelerating both offence and defence

Developments in AI are reshaping multiple domains, including cybersecurity. Implemented well, these technologies can assist and support human operators in detecting, defending and responding to cyberthreats. However, they can also pose serious risks such as data leaks, cyberattacks and online harms if they malfunction, or are misused. Governments must take a forward-looking, practical and collaborative approach to developing and using emerging technologies safely, as their capabilities and risks continue to evolve. The risks transcend borders, and the challenge is to maximize AI's benefits, including to strengthen our cyber resilience, while minimizing its risks.

Josephine Teo, Minister for Digital Development and Information and Minister-in-Charge of Cybersecurity and Smart Nation Group, Singapore

AI is anticipated to be the most significant driver of change in cybersecurity in the year ahead, according to 94% of survey respondents.

AI is reshaping the cybersecurity landscape across three interconnected dimensions. First, the widespread integration of AI systems introduces an expanded attack surface, creating novel vulnerabilities that traditional controls were not designed to address. Second, defenders are harnessing AI to strengthen their cyber capabilities – augmenting detection, accelerating incident response and automating high-volume analytical tasks.
Third, threat actors are leveraging AI to enhance the scale, speed, sophistication and precision of their attacks, driving a new generation of automated exploitation and targeted social engineering (see Section 3.3).

Together, these dynamics illustrate the dual-use nature of AI, both as a force multiplier for defence and as a catalyst for attackers. As this technological competition intensifies, organizations are shifting from reactive to proactive security, while reassessing governance, validation and oversight at every stage of AI adoption.

FIGURE 7: Impacts of AI on cybersecurity

Source: Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards. (2025). World Economic Forum<sup>2</sup>

AI's benefits are contingent on disciplined execution. Poorly implemented solutions can introduce new risks – misconfiguration, biased decision-making, over-reliance on automation and susceptibility to adversarial manipulation – unless organizations embed robust guardrails, security-by-design practices and continuous monitoring. The implication is clear: AI can improve cybersecurity, but only when deployed within sound governance frameworks that keep human judgement at the centre. At the same time, too many controls can create friction, so it is essential to strike a careful balance.

# Security of AI: from awareness to action

According to the Global Cybersecurity Outlook 2026 survey, 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk over the course of 2025.

FIGURE 8: Perception of increase or decrease in cyber risks over the past year

In the past year, do you think the following cyber risks have increased, decreased or stayed the same?

Data leaks associated with genAI (34%) and the advancement of adversarial capabilities (29%) stand out as leading concerns for 2026.
This marks a striking reversal from previous years – in 2025, advancement of adversarial capabilities topped the list at 47% compared to only 22% for data leaks associated with genAI. The shift underscores a turning point in the AI risk landscape for the upcoming year: while the "AI arms race" between attackers and defenders continues to intensify, attention is pivoting from purely offensive innovation with AI towards the unintended exposure and misuse of sensitive data through generative and agentic systems.

Which cybersecurity issues related to generative AI concern you the most?

Growing awareness of AI-related cybersecurity risks is reflected in the increasing focus on the secure use of AI. The Global Cybersecurity Outlook 2025 highlighted a significant gap between the widespread recognition of AI-driven risks and the rapid adoption of AI technologies without adequate safeguards. By 2026, however, this picture is changing: the share of organizations assessing the security of their AI tools has nearly doubled – from 37% in 2025 to 64% in 2026 – indicating that more organizations are introducing structured processes and governance models to manage AI securely and responsibly.

FIGURE 10: Percentage of organizations with processes in place to assess AI security

Does your organization have a process in place to assess the security of AI tools before deploying them?

FIGURE 11: Frequency of AI security assessments in organizations

Does your organization have a process in place to assess the security of AI tools before deploying them?

BOX 1

In the 2026 survey, 40% of organizations reported conducting periodic reviews of their AI tools before deploying them, rather than only doing a one-time assessment (24%) – a clear sign of progress towards continuous assurance. However, roughly one-third still lack any process to validate AI security before deployment, leaving systemic exposures even as the race to adopt AI in cyber defences accelerates.
The market's drive to adopt new AI features often outpaces security readiness, creating exploitable vulnerabilities. In response to these emerging risks, a number of fundamental measures should be prioritized to secure AI at the infrastructure level. This includes protecting the data used in the training and customization of AI models from breaches and unauthorized access. AI systems should be developed with security as a core principle, incorporating regular updates and patches to address potential vulnerabilities. It is also critical for organizations to deploy robust authentication and encryption protocols to ensure the protection of customer interactions and data.<sup>4</sup>

# The widespread adoption of AI agents

As AI agents become more widely adopted, they are poised to transform how digital systems are designed and developed. AI agents can enhance efficiency, responsiveness and scalability by automating complex or repetitive activities with speed and consistency, but their integration can challenge traditional security frameworks, redefining roles and processes, while raising fundamental questions about decision-making and the prioritization of alerts. The multiplication of identities and connections makes managing their credentials, permissions and interactions just as critical – and likely even more complex – as managing those of human users.

As outlined in the World Economic Forum's report AI Agents in Action: Foundations for Evaluation and Governance, without strong governance, agents can accumulate excessive privileges, be manipulated through design flaws or prompt injections, or inadvertently propagate errors and vulnerabilities at scale.
Their speed and persistence amplify these risks, underscoring the need for continuous verification, audit trails and robust accountability structures grounded in zero-trust principles that treat every interaction as untrusted by default.<sup>5</sup>

# AI for cybersecurity

AI is fundamentally transforming security operations – accelerating detection, triage and response while automating labour-intensive tasks such as log analysis and compliance reporting. AI's ability to process vast datasets and identify patterns at speed positions it as a competitive advantage for organizations seeking to stay ahead of increasingly sophisticated cyberthreats. The survey data reveals that 77% of organizations have adopted AI for cybersecurity, primarily to enhance phishing detection (52%), intrusion and anomaly response (46%) and user-behaviour analytics (40%).

FIGURE 12: How organizations are implementing AI for cybersecurity

Has your organization implemented any AI-enabled tools to fulfil its cybersecurity objectives? (select up to three)

Addressing the practical challenges of AI adoption in cybersecurity, organizations consistently identify insufficient knowledge and/or skills (54%) to deploy AI for cybersecurity, the need for human oversight (41%) and uncertainty about risk (39%) as the main hurdles. These findings indicate that trust is still a barrier to widespread AI adoption.

Criminals are always willing to use all possible ways to get access to value, much of which is contained in the cyber infrastructure. Consequently, to stay ahead, those of us who defend must use every tool at our disposal – which now includes agentic AI.

Arvind Krishna, Chief Executive Officer, IBM

What implementation hurdles does your organization face in embracing AI for cybersecurity? (select all that apply) Responses (%)

As organizations navigate the integration of AI into their security operations, the balance between automation and human judgement becomes increasingly critical.
While AI excels at automating repetitive, high-volume tasks, its current limitations in contextual judgement and strategic decision-making remain clear. Over-reliance on ungoverned automation risks creating blind spots that adversaries may exploit.

This evolving dynamic is reshaping the role of cybersecurity professionals, highlighting the importance of adapting skill sets to meet new demands. According to the World Economic Forum's The Future of Jobs Report 2025, "networks and cybersecurity" are among the top three fastest-growing skills projected for 2030 – alongside AI and big data and technological literacy – reinforcing the urgency for targeted upskilling and continuous learning.<sup>6</sup> Rather than replacing human expertise, AI is enabling specialists to shift their focus towards strategic oversight, governance and policy while delegating routine operational tasks to automation. This transition demands new skill sets, blending technical proficiency with strategic and ethical considerations, and underscores the growing importance of AI literacy across security teams.

The priorities for organizations are clear: invest in AI literacy and secure-use skills, and embed governance and validation, without creating new single points of failure. A collaborative model, anchored in security-by-design principles, emerges as the recommended path forward – enabling organizations to harness AI's advantages while mitigating vulnerabilities and ensuring innovation strengthens, rather than compromises, cybersecurity.

# How industries are adopting AI for cybersecurity

The adoption of AI tools to augment cybersecurity capabilities varies across industries, reflecting sector-specific risk profiles and operational needs.
The energy sector emphasizes intrusion and anomaly detection (according to 69% of respondents who have implemented AI for cybersecurity); the materials and infrastructure sector prioritizes phishing protection (80%); and the manufacturing, supply chain and transportation sector reports greater use of automated security operations (59%). These differences not only reflect sectoral risk profiles and operating constraints but also collectively point to a maturing portfolio of AI-enabled cyber defence capabilities that spans detection, intelligence, analytics and orchestrated cyber defence. The differences in AI adoption for cybersecurity will be analysed in Section 3.6.

Has your organization implemented any AI-enabled tools to fulfil its cybersecurity objectives?

Response options shown: Yes, for threat intelligence and risk prioritization; Yes, for user behaviour analytics and insider threat detection

Sectors: Energy; Financial services; Health and consumer; ICT and media; Manufacturing, supply chain and transportation; Materials and infrastructure; Professional services and institutional

# 3.2 Geopolitics is a defining feature of cybersecurity

In an increasingly fragmented global environment – marked by conflicts, geoeconomic tensions, trade wars, sanctions and growing technological competition – geopolitics has become a defining force shaping cybersecurity. The Global Cybersecurity Outlook 2026 survey data reveals that, although the percentage of organizations changing their cybersecurity strategy due to geopolitics has declined from 93% in 2023 to 66% in 2026, geopolitics remains the top factor influencing overall cyber risk mitigation strategies. This suggests that the initial wave of adaptations following the geopolitical turmoil that dominated the headlines in 2022 and 2023 has passed, and that geopolitical risk is now a major factor shaping cyber defence.

Has your organization's cybersecurity strategy evolved because of geopolitical volatility?
FIGURE 16 Top considerations for cyber risk mitigation strategies. Survey question: Which of the following does your organization consider in its overall cyber risk mitigation strategy? (select all that apply)

- Organizations are increasingly shifting from isolated defence to intelligence-driven collaboration.
- In response to geopolitical volatility, survey respondents identified a stronger focus on threat intelligence and deeper engagement with government agencies as the top two drivers of change in their cybersecurity strategies. This trend indicates a growing recognition that navigating an uncertain geopolitical landscape demands collaboration and shared situational awareness.

[Figure: Has your organization's cybersecurity strategy evolved because of geopolitical volatility? (select all that apply)]

The shift towards intelligence-driven collaboration is being led primarily by global organizations with a larger number of employees, which are inherently more exposed to geopolitical volatility due to their global operations. These large employers are proactively seeking greater collaboration to manage this heightened exposure – leveraging their scale and resources to strengthen resilience. Data shows that $70\%$ of the largest employers (those with more than 100,000 employees) have increased their focus on threat intelligence, compared to only $30\%$ of small employers (those with 1,000 employees or fewer). Similarly, $49\%$ of these large employers have deepened their engagement with government agencies or information-sharing groups, versus $26\%$ of small employers. In contrast, those smaller organizations, with limited staff and narrower geographic footprints, appear to be less aware of direct geopolitical pressures and often have less capacity to participate in collective security efforts. This may mean relying more frequently on risk acceptance rather than active mitigation in response to geopolitical volatility.
FIGURE 18 Strategy shifts due to geopolitical volatility among small and very large employers (by headcount). Survey question: Has your organization's cybersecurity strategy evolved because of geopolitical volatility?

# Local events – global impact

Geopolitical instability and armed conflicts are reshaping the cyberthreat landscape, creating complex and unpredictable conditions for organizations. As global fragmentation deepens – driven by conflicts, sanctions and technological rivalry – cybersecurity is emerging as a critical extension of geopolitical competition. The large-scale power outage experienced in the Iberian Peninsula, while not in itself the result of a cyberattack, highlighted the impact a cyberattack could have on such critical national infrastructure. Ongoing instability in the wake of the war in Ukraine has coincided with a rise in hybrid attacks, using drones to target European airports and other critical infrastructure, along with the spread of disinformation, which have further destabilized the regional security landscape.[8]

Beyond Europe, escalating geopolitical rivalries and conflicts across the Indo-Pacific, Middle East and Africa require organizations to maintain heightened vigilance as risks intensify across regions and industries. Of particular concern to participants in focus groups for this report was the use of advanced offensive cyber capabilities by nation-state actors to hack telecommunications networks in the United States.[9,10,11]

The shift to a paradigm of more global confrontation – for example, by using trade policies, including tariffs and export restrictions – is reshaping alliances and technology dependencies.
Political tensions are contributing to a growing fragmentation of global technology ecosystems, as countries diversify their partnerships and supply chains. Political and economic tensions are also driving countries and corporations to reconfigure supply chains, reshape manufacturing and cultivate “trusted” regional partners. The rush to establish alternative suppliers, logistics channels or data-hosting arrangements often outpaces cyber due diligence, expanding the attack surface across less-secure networks and third parties. As tariffs and policy shifts ripple through industries, cybersecurity risk management must evolve in tandem – treating trade disruptions as triggers for renewed threat modelling and vendor-risk reassessment.[12] In this volatile environment, cyber operations have become tools of diplomacy and influence – used to shape political outcomes and disrupt trade – further reinforcing the link between geopolitical uncertainty and organizational cyber risk exposure. Although geopolitical volatility continues to weigh on strategic decision-making, a concerning trend has emerged: reductions in cybersecurity budgets that may constrain organizational capacity to manage growing threats. Survey data shows that $12\%$ of organizations based in North America and $13\%$ of organizations based in Latin America and the Caribbean have reported cutting cybersecurity budgets due to geopolitical volatility. As state-sponsored attacks and espionage campaigns intensify, organizations face mounting challenges in forecasting cyber risks and aligning strategies with shifting global conditions. Participants in focus group interviews for this report warn that these pressures will persist, reinforcing the need for adaptive, resilient cyber strategies despite constrained budgets. 
# Geopolitical tensions driving critical infrastructure vulnerabilities

Geopolitical tensions particularly expose threats and vulnerabilities in the critical national infrastructure that supports society and underpins the operations of countless organizations. Sectors such as energy, water and transportation are increasingly targeted in cyber warfare campaigns, where the interconnected nature of systems amplifies the impact of disruptions. A striking illustration came in April 2025 when a Norwegian hydropower dam was hacked, opening a floodgate and releasing 500 litres of water per second for four hours, in what officials described as a deliberate act of sabotage.[13]

Alarmingly, $31\%$ of the Global Cybersecurity Outlook survey participants express a lack of confidence in their nation's ability to respond effectively to major cyber incidents, up from $26\%$ last year. This indicates a growing sense of uncertainty and heightened exposure.

FIGURE 19 Overall confidence in national cyber response to critical infrastructure attacks

FIGURE 20 Regional overview: Confidence in national cyber response to critical infrastructure attacks

Survey question (Figures 19 and 20): How confident are you in the preparedness of the country in which you are based to respond to major cyber incidents targeting critical infrastructure?

# BOX 2

# Strengthening cyber readiness through coordinated national action

Saudi Arabia's cybersecurity resilience is built on a clear national principle: strength begins with people. When individuals, organizations and sectors are equipped with the right awareness and skills, they form a unified shield that reinforces the nation's digital security and resilience. Rooted in this principle, the National Cybersecurity Authority (NCA) has established a whole-of-nation model that elevates readiness at every level of society.
The NCA sets strategic direction and is supported by the Saudi Information Technology Company (SITE), which translates these priorities into actionable, high-impact programmes. Through its cyber drills, SITE delivers high-fidelity simulations that enhance preparedness for evolving cybersecurity threats. During major events such as Hajj, these exercises stress-test containment, crisis management and cross-sector coordination, ensuring that readiness is both operational and proven. In parallel, nationwide awareness initiatives distil technical insights into accessible, culturally attuned guidance that strengthens daily vigilance. These campaigns extend from national programmes to individual engagement, aligning stakeholders across sectors to address risks such as phishing and AI-driven misinformation. Together, NCA and SITE are shaping a cybersecurity culture where awareness, preparedness and coordinated action are embedded across the entire nation.

# Cybersecurity in the sovereignty era

The uneven confidence across regions points to a broader shift in how nations perceive cyber resilience – from a technical challenge to a question of sovereignty and self-reliance. As nations seek to protect critical infrastructure, many are re-evaluating their dependencies on foreign technology providers and global supply chains. This connection between infrastructure protection and digital autonomy has become a defining feature of modern cybersecurity policy.

Over the course of 2025, economic uncertainty and geopolitical instability have become deeply intertwined, amplifying global cyber risk and complicating organizations' ability to anticipate and mitigate emerging threats. As political tensions and trade disputes reshape alliances and technology dependencies, the world is witnessing growing fragmentation across digital and technological ecosystems.
This renewed focus on digital sovereignty reflects an urgent drive by states and organizations to safeguard autonomy, control critical assets and reduce exposure to external shocks. The term "cyber sovereignty" is often used to mean the application of traditional state sovereignty rights and obligations (i.e. control of territory, non-intervention, jurisdiction) to the domain of cyberspace.[14] The concept is complicated by the fact that cyberspace doesn't map neatly onto physical territory (servers, cables, data flows cross jurisdictions), so applying conventional sovereignty (which is territory-based) becomes challenging. At the organizational level, concerns over sovereignty have become increasingly tangible. Governments, public institutions and private enterprises alike are reassessing dependencies on foreign technology providers and global cloud infrastructure, in light of geopolitical tensions and supply chain vulnerabilities. For instance, several European actors – including municipalities such as Copenhagen, in Denmark, and federal agencies in Germany – have begun shifting towards sovereign or regionally managed cloud solutions to ensure compliance with national data-protection mandates and to mitigate perceived risks associated with extraterritorial control of data.[15] Similar debates are unfolding elsewhere as organizations weigh the benefits of global interoperability against the imperative of maintaining control over critical digital assets and sensitive information. This trend illuminates a broader recalibration of trust – not only in systems and technologies, but in the geopolitical reliability of the ecosystems that underpin them. The growing attention to sovereignty emphasizes the tension between preserving openness and interoperability and safeguarding national autonomy, control and resilience against external disruptions. 
As the threat landscape evolves and AI increasingly powers offensive operations in cyberspace, we must step up our work on the resilience of our critical infrastructure and connectivity. The EU stands ready to work with like-minded partners to protect what is today the digital backbone of our economy and society. Looking ahead, our priority is to boost investments in cyber to strengthen Europe's industrial capabilities and harness deep tech for better detection and anticipation, invest in people to close the cyber skills gap, and deepen intelligence sharing so that we can spot and address vulnerabilities faster.

Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, European Commission

# 3.3 The evolving landscape of cybercrime: AI, fraud and the global response

Over the course of 2025, several high-profile cybercrime cases have dominated the headlines, with cyberattacks disrupting retail, businesses and manufacturing operations – and even targeting nurseries.[16] Ransomware continues to be the leading concern for CISOs; by contrast, CEOs tend to be more concerned about the broader business impacts of fraud. For CISOs this concern reflects the significant operational disruption a successful ransomware attack can inflict on the availability of critical information technology (IT) and operational technology (OT) systems. Many of the major cyber incidents that made the headlines in 2025 were, in fact, driven by ransomware demands. As one of the most lucrative tactics for cybercriminals, ransomware remains a persistent threat, and the increasing integration of AI into attack methods is expected to make these attacks even more effective.

Cyber-enabled fraud continues to grow in scale, taking a heavy toll on individuals and organizations around the world.
According to the Global Cybersecurity Outlook survey data, $77\%$ of respondents reported an increase in cyber-enabled fraud and phishing overall, while $73\%$ claimed that they or someone in their network had been personally affected by cyber-enabled fraud. The three most common types of attacks reported are phishing (including vishing and smishing), payment fraud and identity theft.

FIGURE 21 Prevalence of cyber-enabled fraud (all respondents)

FIGURE 22 Prevalence of cyber-enabled fraud across regions

Survey question (Figures 21 and 22): Have you or anyone in your professional/personal network been affected by cyber-enabled fraud in the past 12 months? (select all that apply)

# Global efforts to combat cyber-enabled fraud

To tackle fraud, global efforts to combat cyber-enabled crime are gaining momentum. The United Nations Office on Drugs and Crime (UNODC) and the International Criminal Police Organization (INTERPOL) are co-organizing the Global Fraud Summit in March 2026. The summit will serve as a platform to galvanize international action by fostering high-level dialogue, political and law enforcement commitments, and effective cross-sector collaboration.[17] This high-level discussion comes after several significant operational disruptions of cybercrime networks across South-East Asia, Africa and Europe in 2025. Civil society and the private sector are also coordinating efforts.
The Global Anti-Scam Alliance (GASA), for instance, is leveraging the Global Signal Exchange to enhance real-time insights into the supply chains that enable scams.[18] In parallel, the World Economic Forum's Partnership Against Cybercrime (PAC), in collaboration with the Institute for Security and Technology (IST), has published the white paper Fighting Cyber-Enabled Fraud: A Systemic Defence Approach.[19] The paper calls on stakeholders to act across three pillars – prevention (structurally reducing abuse before it occurs), protection (embedding user safety by default) and mitigation (enabling rapid, collective response) – outlining a shared responsibility model designed to disrupt cyber-enabled fraud at scale (see Figure 23). Together, these initiatives reflect a growing international commitment to strengthen systemic defences and address cyber-enabled fraud through coordinated global action.

Source: Fighting Cyber-Enabled Fraud: A Systemic Defence Approach. (2025). World Economic Forum

While genAI is currently used primarily to enhance social engineering and reconnaissance, the emergence of autonomous AI agents capable of executing full-scale attacks signals a potential turning point.

# AI-enabled cybercrime

Recent developments in genAI are lowering the barriers to executing phishing attacks while simultaneously increasing their sophistication and credibility. Criminal actors are exploiting genAI to automate and scale social engineering efforts, producing realistic phishing emails, deepfake audio and video, and falsified documentation capable of evading conventional detection systems and human scrutiny. Furthermore, AI models trained on compromised or breached datasets are being weaponized to enhance targeting precision, replicate authentic communication styles and manipulate human trust with greater effectiveness. These capabilities represent a substantial evolution in the threat landscape, requiring more advanced a