Cyber Fraud, Not Ransomware, is Now Businesses’ Top Security Concern
Cyber fraud has overtaken ransomware to become the top cybersecurity concern of business leaders around the world, reflecting a global threat landscape that is being molded by such forces as AI, geopolitics, and complex supply chains that are inc
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes
Cyber fraud has overtaken ransomware to become the top cybersecurity concern of business leaders around the world, reflecting a global threat landscape that is being molded by such forces as AI, geopolitics, and complex supply chains that are increasingly coming under attack, according to the World Economic Forum (WEF).In its Global Cybersecurity Outlook 2026 report compiled with global consultancy Accenture and released a week before the organization’s annual Davos meeting, 73% of global CEOs and CISOs surveyed said that they or someone in their professional or personal network had been impacted by cyber-enabled fraud during the last year. The concern about cyber fraud was top of mind for CEOs; CISOs said their number-one worry was still ransomware.“As cyber risks become more interconnected and consequential, cyber-enabled fraud has emerged as one of the most disruptive forces in the digital economy, undermining trust, distorting markets and directly affecting people’s lives,” WEF Managing Director Jeremy Jurgens said in a statement. “The challenge for leaders is no longer just understanding the threat but acting collectively to stay ahead of it.”It will take a coordinated team approach for organizations to build cyber resilience spanning governments, businesses, and technology providers, Jurgens said.Other areas of focus include the accelerating risks that AI presents, from data leaks and its use by threat actors, and attacks driven by geopolitics, with 91% of larger enterprises adjusting their cybersecurity initiatives to address the threat.Phishing, Insider Threats, and Payment FraudThere is a range of attacks that fall under the cyber fraud umbrella, such as phishing and insider threats. Within those categories, the 62% of business leaders surveyed said they or others were affected by phishing, smishing, and vishing attacks, with 37% pointing to invoice or payment fraud.Others included identity theft (32%) and insider threat or employee fraud (20%), with both romance and impersonation scams and investment or cryptocurrency fraud both coming in at 17%.The survey also looked at AI and how it’s shaping both the evolution of cyber threats and the defenses against them. Almost all – 94% of respondents – said the technology will be the most significant driver of change in cybersecurity this year.“This growing recognition is translating into concrete action across organizations,” the authors wrote. “The percentage of respondents assessing the security of AI tools has nearly doubled from the previous year, from 37% in 2025 to 64% in 2026.”The significant jump in one year highlights the speed of AI’s impact on cyber defenses and cyber threats and the technology’s expanding dual role in cybersecurity, as both a weapon and protection. While organizations are ramping up processes to secure their AI operations, AI vulnerabilities are accelerating at a hurtling pace, with 87% of respondents pointing to AI-related vulnerabilities as the fastest-growing cyber risk last year.Cyber-enabled fraud and phishing were the second fastest, with 77% of business leaders saying the risk had ramped in 2025.A Transformative Technology“Artificial intelligence … is transforming cyber on both sides of the fight – strengthening defense while enabling more sophisticated attacks,” the authors wrote. “Organizations are striving to balance innovation with security – embracing AI and automation at scale, even as governance frameworks and human expertise struggle to keep pace. The result is a fast-paced, metamorphic landscape where disruptions move swiftly across borders, even as technology offers new potential for resilience.”The change in focus among business leaders was sharp, according to Giulia Moschetta and Ellie Winslow with the WEF.“As generative AI (GenAI) scales across organizations, leaders’ concerns are shifting from offensive use to unintended data exposure,” Moschetta and Winslow wrote. “In 2026, data leaks linked to GenAI (34%) now outweigh fears about adversarial AI capabilities (29%). This marks a striking reversal from previous years – in 2025, advancement of adversarial capabilities topped the list at 47% compared to only 22% for data leaks associated with GenAI.”Mitigation Focuses on GeopoliticsGeopolitics is driving organizations’ risk mitigation strategies, with 64% accounting for attacks like espionage or the disruption of critical infrastructure that have become features of nation-state campaigns by China, Russia, and others, according to the report.The topic outpaced others as strategic concerns, including disinformation at 49% and the convergence of operational technology, the Internet of Things, and robotics (42%). In addition, 91% of the largest companies in the survey – those with more than 100,000 employees – have adapted their strategies based on the changing geopolitical landscape.“On the geopolitical front, fragmentation and sovereignty concerns are reshaping cooperation and trust among nations,” the report’s authors wrote. “Hybrid threats and escalating cyberattacks reflect the increasing volatility of the global environment.”In addition, fewer business users are looking to their governments for help.“In the context of geopolitical volatility, confidence in national cyber preparedness continues to erode, with 31% of survey respondents reporting low confidence in their nation’s ability to respond to major cyber incidents, up from 26% last year,” they wrote.The numbers vary sharply depending on location, with 84% of organizations in the Middle East and North Africa being confident in their countries’ preparedness. Only 38% of companies in North America felt the same, with those in Latin America and the Caribbean region hitting bottom, with 13% expressing confidence.A Coordinated Defense NeededThe WEF’s Moschetta and Winslow wrote that, given the global nature of cyber threats and the interconnectedness of the economy, resilience can’t be done in isolation but needs to be coordinated across business sectors, borders and value chains.“Cybersecurity is not merely an IT function – it is a strategic business imperative and a cornerstone of national economic resilience,” they wrote. “Beyond mitigating risk and preventing losses, it also serves as a driver of economic growth, fueling innovation, job creation and competitiveness across industries.”
About Author
