As the World Economic Forum’s latest Global Cybersecurity Outlook 2026 suggests, the world is entering one of the most dangerous periods in digital history. According to the report released this January, the threats facing businesses and individuals in 2026 are fundamentally transforming at their core while also sparking volumes. The report surveyed over 800 cybersecurity leaders from 92 countries, and their warnings are stark.
AI doubled the sword
A total of 94% of cybersecurity leaders worldwide agree that artificial intelligence will be the most significant driver of change in the cybersecurity space this year, as AI is transforming both sides of the battle. While defenders use it to detect threats more quickly and mitigate risks, attackers are using the same technology to create more sophisticated attacks.
Based on the report, the numbers tell a troubling story. 87% of organisations identified AI-related vulnerabilities as the fastest-growing cyber risk they faced in 2025. Attackers now utilise AI to generate phishing emails that are nearly indistinguishable from legitimate communications. They generate fake voices and videos so realistic that people hand over passwords and financial information to what they believe are their bosses or family members.
In November 2025, researchers at Anthropic reported something unprecedented – an autonomous AI system carried out a complete cyber espionage operation from start to finish without human intervention. It identified targets and vulnerabilities, broke into systems, gathered valuable information, and extracted the data back to its controllers.
Despite growing awareness, more than one-third of organisations still deploy AI tools without checking whether they are secure. They are racing to adopt the latest technology without fully understanding the risks. For the business executives, the primary concern is the risk of data leaking through generative AI systems as they worry that employees using AI tools might inadvertently expose sensitive company information or trade secrets.
The fraud epidemic
While executives worry about sophisticated AI attacks, ordinary people are being hammered by fraud. A total 73 of survey respondents either personally experienced cyber fraud in the past year or knew someone who did – three out of four people are affected by digital scams.
The most common attacks are phishing schemes, where attackers send fake emails, texts, or voice messages trying to trick people into sharing passwords or financial information. However, the fraud has evolved as they now intercept business transactions, send fake invoices, and steal identities to open accounts in other people’s names. The geographic spread is alarming, as in sub-Saharan Africa, 82% reported exposure to these scams, and North America was not far behind at 79%.
What has transformed is that fraud has moved from being primarily a consumer problem to a major concern for business leaders. When asked what cyber risks worried them most, business executives put fraud at the top of the list, displacing ransomware for the first time.
The criminals behind these operations have professionalised their efforts remarkably; as of these days, they operate cybercrime-as-a-service platforms where anyone can purchase the tools needed to launch attacks. Someone with no technical skills can buy stolen credentials, rent networks to send millions of phishing emails, and purchase ready-made ransomware subscription packs.
Weaponising as a geopolitical tool
The report says that geopolitics has become the top factor influencing how organisations think about cyber risk, as 64% of companies now consider geopolitically motivated cyberattacks when developing their security strategies. Organisations have to make concrete decisions about which vendors to use, which countries to operate in, and how to structure their technology based on geopolitical considerations.
Around 36% organisations have increased their focus on nation-state threat intelligence, 19% have changed technology vendors because of geopolitical concerns, and 14% have stopped doing business in certain countries entirely. Despite this activity, confidence in national preparedness remains low. Only 42% of respondents trust that their government can effectively respond to major cyberattacks on critical infrastructure.
A reported example includes–In April 2025, hackers deliberately sabotaged a Norwegian hydroelectric dam, opening a floodgate that released 500 litres of water a second for four hours. And, across Europe, hybrid attacks combining cyber methods, drones, and disinformation targeted airports and critical infrastructure.
Troubles in supplychains
In the report, 65% of large companies consider third-party and supply chain vulnerabilities as their greatest cybersecurity challenge, up from 54% just a year ago. The problem is getting worse even as awareness increases.
The Jaguar Land Rover attack in August 2025 demonstrated the devastating potential. Production halted globally for five weeks, affecting over 5,000 suppliers. The direct costs were nearly 200 million pounds, but the broader UK economic impact reached nearly 2 billion pounds when ripple effects through the automotive supply chain were included.
However, despite these obvious risks, most organisations remain reactive. Only 27% simulate cyber incidents with their ecosystem partners, and 33% comprehensively map their supply chains to understand where vulnerabilities exist.
Perhaps most troubling is the growing divide between organisations building genuine cyber resilience and those falling behind. Small organisations are twice as likely to report insufficient cyber resilience compared to large ones. The public sector reports 23% insufficient resilience, and non-governmental organisations 37%, while only 11% of private sector organisations fall into this category.
Plus, it is also apparent that the fundamental driver is skills shortage. Among organisations with insufficient resilience, 85% reported a lack of critical cybersecurity skills and people.
Moreover, looking toward 2030, several unprecedented threats are developing in silence, such as autonomous systems and robotics, which may even create new physical risks, as the world is drastically shifting towards going cashless, digital currencies will become critical infrastructure whose security will underpin economic stability worldwide.
Then come undersea cables, which carry 99% of international data traffic, and remain largely unconsidered in most cybersecurity planning. Not only that, quantum computing approaches faster than many realise, the technology that aspires to fundamentally transform the existing security encryption systems.
The threats are real and accelerating, while most are not ready to navigate through these issues. However, many thought leaders are optimistic that cyber resilience is achievable if private and public organisations worldwide treat security as a strategic priority, invest in people as much as technology, and recognise that in an interconnected world, they are together.