Midway through a decade defined by the breakneck acceleration of technological innovation, the threat of ransomware attacks appears to be moving down the agenda in boardrooms around the world, with executives increasingly concerned about the growing risks posed by artificial intelligence (AI) vulnerabilities, cyber-enabled fraud and phishing attacks, supply chain disruptions, and software vulnerability exploitation.
This is according to the 5th World Economic Forum (WEF). Global Cybersecurity Outlook The report is based on a survey of 804 participants from 92 countries conducted between August and September 2025, including 316 chief information security officers (CISOs), 105 chief executive officers (CEOs), and 123 other executives such as chief risk officers and technology officers, as well as workshop discussions and short public opinion polls held at the Forum's Global Future Council and Cybersecurity Conference.
A total of 87% of these respondents believe that risks from AI have increased over the past year, compared to 13% who were neutral on the matter. Approximately 77% see an increased risk from fraud and phishing. 66% talked about supply chain disruptions. Additionally, 58% see vulnerability exploitation as a growing threat.
However, when it comes to ransomware, only 54% of respondents said the risk level has increased, 39% expressed a neutral opinion, and the remaining 7% of respondents said that the risk from ransomware has actually decreased by 2025.
“Cybersecurity risks in 2026 will be accelerated by advances in AI, deepening geopolitical fragmentation, and increasing complexity of supply chains,” WEF Managing Director Jeremy Jurgens said in the report's foreword.
“These changes are further exacerbated by persistent sovereignty dilemmas and widespread cyber inequality, two factors that expose system vulnerabilities.The result is a threat environment where the speed and scale of attacks test the limits of traditional defenses.”
AI risk factors
Digging deeper into some of the risk factors arising from AI, executives said that data breaches and the subsequent evolution of adversarial capabilities are the most pressing concerns, followed by the technical security of AI systems, increasingly complex governance, legal risks around intellectual property and liability, and software supply chain and code development concerns.
Notably, in the 2026 report, the top two concerns have swapped places from last year. 34% of people are most concerned about data breaches this year, compared to 22% in 2025. Meanwhile, the share of people most concerned about adversarial capabilities has decreased from 47% last year to 29% this year.
This likely reflects a changing, and potentially maturing, attitude towards AI risks, with the WEF saying it sees a “tipping point” in the AI risk landscape this year.
The report says that even though the AI arms race between defenders and attackers shows no signs of abating, attention is shifting from “offensive innovation” to less noisy, but perhaps more dangerous, elements.
Other data points in the report seem to support this, with executives reinforcing structured processes and governance models to better manage AI.
“Advances in AI are reshaping multiple areas, including cybersecurity. If implemented properly, these technologies can assist and support human operators in detecting, preventing and responding to cyber threats,” said Josephine Teo, Singapore's Minister of Digital Development and Information and Minister responsible for the country's Cybersecurity Agency and Smart Nation Group, who was quoted in the report.
“However, if they malfunction or are misused, they can also pose significant risks such as data breaches, cyberattacks, and online harm.”
Mr Teo called for a more proactive, pragmatic and collaborative approach to the safe development and use of rapidly evolving technologies such as AI.
“Risks cross borders, and the challenge is to maximize the benefits of AI, including strengthening cyber resilience, while minimizing risks,” she said.
Ransomware remains a threat
But despite the key risks detailed in the WEF report, the ransomware threat has not gone away. This is evidenced by many of the most well-documented cyberattacks of 2025, most of which were still ultimately driven by extortion.
In fact, ransomware remained a major risk concern among CISOs and those certified. While CEOs are more concerned about the broader business impact of cybercrime, CISOs are understandably troubled by the operational disruption caused by successful ransomware attacks.
This may go some way to explaining the growing concern about cyber fraud revealed by the WEF data.
A total of 77% of respondents said cyber-based fraud and phishing is on the rise, and 72% said they or someone in their professional or personal network has been affected by a cyberattack. The most common forms of attacks reported were phishing, payment fraud, and identity theft.
