Foreword

Cybersecurity in 2026 is shaped by accelerating AI adoption, geopolitical fragmentation and widening cyber inequity. The report frames cyber risk as a strategic economic and societal issue requiring leadership engagement, collaboration and sustained investment in resilience and skills.

Five years of the global cybersecurity outlook

Since 2022, the Outlook has tracked the shift from pandemic-driven digitalisation to a fragmented environment defined by supply chain interdependence, regulatory proliferation and technological transformation. While the cybersecurity economy has grown, resilience gaps between well-resourced and under-resourced organisations have widened, reinforcing the need for coordinated defence.

The view from the top: CEOs’ priorities in a shifting cyber landscape

Based on 804 qualified respondents across 92 countries, CEOs in 2026 rank cyber-enabled fraud and phishing as their top risk, followed by AI vulnerabilities. CISOs continue to prioritise ransomware and supply chain disruption.

AI concerns focus on data leaks (30%) and adversarial capabilities (28%). AI vulnerabilities are viewed as the fastest-growing risk (87%).

Geopolitics remains central: 66% adjusted cybersecurity strategies due to geopolitical volatility, and 64% consider geopolitically motivated cyberattacks in mitigation plans. Confidence in national preparedness has declined, with 31% reporting low confidence. Regional disparities are significant, ranging from 84% confidence in the Middle East and North Africa to 13% in Latin America and the Caribbean.

The trends reshaping cybersecurity

Ai is reshaping risk, accelerating both offence and defence

AI is identified by 94% as the most significant driver of change. While 77% use AI in cybersecurity, primarily for phishing detection (52%) and intrusion response (46%), 54% cite insufficient skills as a barrier. The share assessing AI security before deployment rose from 37% in 2025 to 64% in 2026. The report emphasises security-by-design, governance frameworks and human oversight.

Geopolitics is a defining feature of cybersecurity

Organisations are shifting towards intelligence-driven collaboration. Larger employers increase focus on nation-state threat intelligence (70%). Budget pressures are emerging, with 12–13% reporting cuts linked to geopolitical volatility. Critical infrastructure resilience remains uneven.

The evolving landscape of cybercrime: AI, fraud and the global response

Cyber-enabled fraud is rising: 77% report increases, and 73% have been personally affected. Phishing (62%), payment fraud (37%) and identity theft (32%) are most common.

Sub-Saharan Africa (82%) and North America (79%) report high exposure. International coordination is expanding through UN and INTERPOL initiatives. AI-driven deepfakes and automated campaigns are increasing sophistication.

Cyber resilience is the key to safeguarding economic value

In 2026, 64% report meeting minimum resilience requirements and 19% exceeding them (up from 9% in 2025). However, major incidents highlight ongoing exposure.

Top barriers include evolving threats (61%), supply chain vulnerabilities (46%) and skills shortages (45%). Highly resilient organisations demonstrate strong board engagement (99%), supplier assessments (74%) and AI governance (83%).

Economic impacts are material, with significant UK cyber incidents averaging £195,000 per business.

Securing supply chains amid opacity and concentration risks

Inheritance risk and lack of visibility are leading supply chain concerns. While 66% assess supplier maturity, only 27% conduct ecosystem-wide simulations. Concentration in cloud providers heightens systemic exposure.

Drivers of cyber inequity in 2026

NGOs (37%) and the public sector (23%) report higher insufficient resilience than the private sector (11%). Small organisations are twice as likely as large ones to report insufficient resilience.

Skills shortages are acute: 85% of insufficiently resilient organisations lack critical expertise, particularly in Latin America and the Caribbean (65%) and sub-Saharan Africa (63%). Larger firms adopt AI tools at higher rates (93% vs 78%).

Future threat vectors are emerging in silence

Emerging risks include autonomous systems (26%), quantum technologies (37%), digital currencies and space infrastructure. Proactive migration to post-quantum cryptography and stronger cyber-physical governance are identified as priorities.

Conclusion

Cyber resilience now underpins economic stability and trust. Organisations that integrate governance, AI oversight, supply chain management and ecosystem collaboration into strategy are better positioned to manage systemic and interconnected cyber risk.