Dive Brief:
- Cyber-enabled fraud is the top concern of corporate executives, eclipsing ransomware on IT and security leaders’ list of the most significant risks facing their organizations, according to a World Economic Forum report published on Monday.
- Nearly three-quarters (73%) of respondents to WEF’s survey said that cyber-enabled fraud had affected them or someone they knew in 2025.
- The report also covered organizations’ cybersecurity responses to geopolitical risks, their AI fears and the biggest obstacles to improving cyber defenses.
Dive Insight:
The shift from ransomware to fraud reflects the continuing pervasiveness of simple but effective cyber scams, as well as executives’ firsthand experience with the devastating consequences of these attacks.
In 2025, CEOs said ransomware, cyber-enabled fraud and supply-chain disruptions were their top cyber-risk concerns. In 2026, their top-three list consists of cyber-enabled fraud, AI-related vulnerabilities and traditional software vulnerabilities. Among CISOs, ransomware still tops the list, followed by supply-chain threats and software vulnerabilities.
Executives ranked threats differently depending on how cyber-resilient they considered their organizations.
At high-resilience organizations, WEF found, CEOs were most concerned about AI, followed by cyber fraud and supply-chain threats. At low-resilience organizations, CEOs listed cyber fraud first, followed by ransomware attacks and traditional software flaws. “As resilience strengthens, risk perception shifts towards emerging threats,” the report said. “This suggests that resilient organizations are more attuned to the evolving risks posed by advanced technologies.”
As AI worries grow, executives are expressing concerns about a wide range of specific challenges, the WEF report found. Data leaks topped the list, earning mentions from 30% of CEOs, followed by hackers’ advancements (28%) and security flaws in AI systems (15%). Almost no one (6%) cited vulnerabilities in the AI code supply chain, even as that issue becomes more of a risk.
The lengthy report also touched on geopolitical risks, describing them as “a defining feature of cybersecurity.” Two-thirds of CEOs told the WEF that geopolitical volatility had changed their cyber strategies, a slight increase from 2025. (Interestingly, the 66% figure in 2026 was significantly lower than the 2024 and 2023 figures of 87% and 93%, respectively.) More than a third of companies said they were focusing more on threat intelligence related to nation-state activity, while a similar percentage reported increased engagement with government agencies and information-sharing groups.
Among all factors driving companies’ cyber strategies, executives cited nation-state cyberattacks on critical infrastructure, disinformation campaigns and the convergence of information technology and operational technology as their three biggest considerations.
Only 37% of CEOs said they were confident in the ability of the country where they were based to respond to “major cyber incidents targeting critical infrastructure,” barely more than the 31% who expressed a lack of confidence. In 2025, 42% expressed confidence and 26% expressed a lack of confidence. Confidence was highest in the Middle East and North Africa, where 84% of respondents said they believed their governments were prepared to respond, while Latin America and the Caribbean had the fewest confident companies (13%).
On the OT security front, only 32% of organizations said they monitored the security of their OT assets, only 20% said they had a dedicated OT security team and only 16% said their boards received reports on OT security.
The WEF report found strong support for cyber regulations, with nearly 60% of respondents saying regulations helped raise companywide and board-level security awareness and more than half saying they helped boost security. Support for regulations was lowest in North America and Europe, which have the most extensive cyber regulation regimes. “More advanced regulatory environments can also introduce greater complexity and compliance burdens,” the WEF said.
