The World Economic Forum’s (WEF) Global Cybersecurity Outlook 2026 surveyed 804 global business leaders across 92 countries and found that 94% of respondents said AI will be the most significant driver of change in cybersecurity in the year ahead. This is the case because AI has made cyberattacks faster, cheaper, and harder to detect.
The clearest concern in the report is what AI has done to the economics of launching a cyberattack. Criminal actors are now exploiting generative AI to automate and scale social engineering efforts, producing realistic phishing emails, deepfake audio and video, and falsified documentation capable of evading conventional detection systems and human scrutiny. AI models trained on compromised datasets are also being weaponized to enhance targeting precision, replicate authentic communication styles, and manipulate human trust more effectively.
87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk. Fraud and phishing have also seen strong increases, with 77% flagging them as a rising concern. For context on scale, AI has fueled a 1,200% rise in phishing attacks and lowered the barrier to entry for cybercriminals considerably.
Fraud Has Now Overtaken Ransomware as the Top CEO Concern
For years, ransomware was considered the highest cybersecurity risk. But WEF’s 2026 report represents a notable shift, as cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, with 73% of respondents reporting that they or someone in their network experienced cyber-enabled fraud in 2025.
Among surveyed leaders, 34% cited generative AI data leaks as a primary concern, while 29% pointed to enhanced adversarial tactics enabled by AI tools. Examples include Deepfake fraud and AI-generated phishing. Deepfake scams impersonating executives have already surfaced as real-world fraud vectors, and the sophistication of AI-generated phishing is outpacing the training programs most organizations have in place.
Organizations Are Responding, but a Gap Remains
The report also captures how organizations are adapting. 77% of organizations now deploy AI for cybersecurity purposes, most commonly for phishing detection, automated intrusion response, and user-behavior analytics.
On the governance side, there is progress, albeit slowly. The percentage of organizations with processes in place to assess AI tool security nearly doubled year over year, jumping from 37% in 2025 to 64% in 2026. Roughly one-third of organizations still have no process whatsoever to validate AI security before deployment, which means the divide between large and small organizations is getting wider.
One of the report’s more urgent findings is about who is being left behind. Despite growing organizational resilience overall, there are huge disparities between large and small organizations, especially in emerging markets. Larger organizations are more rapidly absorbing the benefits of AI and defending against newly introduced AI cyberthreats.
What 94% Agreement Means
A number that high, drawn from organizations across 92 countries, tells you that AI’s role in cybersecurity is a current operating reality. And the more pressing question the report raises is whether the governance frameworks, security processes, and talent pipelines organizations are building are moving fast enough to match the pace of the threat.
As cyberattacks become faster, more sophisticated, and increasingly uneven in their impact, governments and organizations are now under growing pressure to adapt.
