The number of organizations implementing methods to identify security risks in the AI tools they use has nearly doubled in one year.
Almost two-thirds (64%) of all business leaders who participated in the World Economic Forum's (WEF) Global Cybersecurity Outlook 2026 said they assessed the security risks of AI tools before implementing them.
This finding represents a significant increase compared to last year's 37% figure and highlights how AI security has become a priority for organizations around the world.
Nearly all respondents (94%) say AI will be the most important driver of cybersecurity change in 2026, and 87% believe related vulnerabilities will increase more than any other type of threat.
it's true The Leg Last year was busy covering AI vulnerabilities. Instant injection was the main culprit, but AI code assistants appeared to be undermining professional developers, and in December, Google was called in to fix security issues caused by Gemini.
The WEF findings, released a week before the annual Davos meeting, offer a more positive view of the state of AI security around the world than the show of hands proposed at the NCSC annual meeting in May.
In a room filled with approximately 200 security experts, not a single one could claim to have a thorough understanding of the security of an organization's AI systems.
According to WEF research, the most common AI concern for leaders today is data breaches. Following closely behind are advancements in adversarial capabilities, which is not surprising given that the report also reveals that geopolitically motivated attacks are the most common feature of leaders' risk strategies.
64% of organizations report that geopolitical issues played the biggest role in shaping their cyber risk strategy, topping the list for the second year in a row.
Geopolitics was a much bigger concern for larger organizations with more than 100,000 employees, with 91% reporting changes to their security plans as a result, compared to just 59% of organizations with fewer than 1,000 employees.
Gartner reached a similar conclusion after surveying European CIOs and other IT leaders in 2025, which found that amid growing concerns about data sovereignty, many companies are considering choosing local cloud providers.
Geopolitics most commonly impacts cybersecurity and cybercrime with respect to conflicts between major adversaries.
For example, it is not uncommon for organizations in the UK or US to experience DDoS attacks from Russian cyber troublemakers.
Russia has a history of targeting major sporting events, and with the world's attention focused on this summer's FIFA World Cup, U.S. organizations could be bracing for politically motivated cyberattacks later this year.
But for CEOs, the hacktivist threat is invisible. Cyber-based scams such as phishing and social engineering are the top concern, followed by the exploitation of AI vulnerabilities and software flaws.
Ransomware will be the main concern in 2025, while supply chain disruption was third on the list last year, but both will no longer be in the top three in 2026.
However, ransomware remains the biggest fear for CISOs. Ransomware and supply chain attacks both still rank first and second, respectively, on security executives' list of nightmares.
The key to preventing the worst outcomes is for all organizations to seek to improve their cyber resilience.
“Cyber resilience” is a phrase repeated many times by national security officials, and for good reason. This refers to an organization's ability to minimize the impact of a cyberattack if it infiltrates its systems.
The majority of respondents to WEF's survey (64%) claimed to have met the minimum requirements for cyber resilience, but only 19% believed they exceeded these basic standards.
The major attacks on JLR and M&S were high-profile events that caused extensive and costly downtime for both businesses, highlighting the challenges organizations continue to face in minimizing cyberattacks. ®
