Cyber fraud and geopolitics reshaping global threat landscape, warns WEF

Cybercrime is spreading faster and further than ever before

Cyber-enabled fraud has become one of the most pervasive digital threats facing governments, businesses and individuals worldwide, according to Global Cybersecurity Outlook 2026 report by the World Economic Forum (WEF).

The report [pdf] warns that cybercrime is expanding at an unprecedented pace, fuelled by advances in AI, fragmented global politics and growing weaknesses in supply chains.

Nearly three-quarters of respondents said they or someone they knew had been personally affected by cyber-enabled fraud during 2025.

The report highlights how AI is accelerating both cyberattacks and defences. Almost all respondents – 94% – identified AI as the single biggest driver of change in cybersecurity in the year ahead.

As a result, organisations are beginning to respond: the proportion assessing the security of AI tools has risen sharply, from 37% in 2025 to 64%.

However, the pace of innovation is also creating new vulnerabilities. Some 87% of respondents said AI-related weaknesses were the fastest-growing cyber risk last year, reflecting concerns over data leakage, model misuse and insufficient governance frameworks.

Most organisations now factor in the risk of state-backed attacks

Geopolitics remains the most influential factor shaping cyber risk strategies in 2026, the WEF said.

Nearly two-thirds of organisations now factor in the risk of state-backed cyberattacks, including espionage and disruption to critical infrastructure.

Among the world’s largest companies, more than 90% have already altered their cybersecurity strategies in response to geopolitical instability.

Despite these efforts, confidence in national cyber preparedness is slipping.

Almost a third of respondents reported low confidence in their country’s ability to respond to a major cyber incident, up from a quarter the previous year.

Views differ sharply by region, with high confidence reported in the Middle East and North Africa, while Latin America and the Caribbean recorded particularly low levels.

Recent cyber incidents affecting airports and energy facilities have heightened concerns, especially within the public sector.

Nearly a quarter of public-sector organisations surveyed said they lacked sufficient cyber resilience, despite their central role in protecting critical infrastructure.

The report also reveals a growing divide in priorities between corporate leaders and technical teams.

Fraud overtakes ransomware as top risk

Chief executives now rank cyber-enabled fraud as their top digital risk, overtaking ransomware.

By contrast, chief information security officers continue to focus on ransomware attacks and the fragility of supply chains.

Supply chain vulnerabilities remain a major concern, with 65% of large companies citing third-party risks as their biggest challenge, a significant rise from last year.

A series of high-profile ransomware attacks in the UK during 2025 disrupted retailers including Marks & Spencer, Harrods and Co-op, suggesting how quickly operational and reputational damage can spread.

Commenting on the findings, Chris Newton-Smith, chief executive of technology firm IO, said organisations were struggling to adapt traditional compliance frameworks to a more complex risk environment.

“With the vast increase in AI adoption, companies are facing new technical vulnerabilities as well as having to deal with growing governance and compliance challenges, such as data leakage and model misuse, to accountability, oversight and regulatory readiness.”

He argued that resilience now depends on integrating cybersecurity, privacy and AI governance into a single, coherent risk strategy.

Geopolitical divisions are further complicating the response, according to Megha Kumar, chief product officer and head of geopolitical risk at Cyxcel.

She warned that growing rifts between the US, UK and EU over technology regulation were hampering cooperation.

“The rift among advanced economies will almost certainly intensify over 2026, not least due to the Trump administration’s agenda, leaving businesses to deal with uncertainty over digital policy & responsible AI deployment and a needlessly high compliance burden,” she said.

“This doesn’t mean organisations should give up on managing the risks, rather it means that risk management needs to be elevated to take an integrated view of cybersecurity, regulation, technology, supply chain, geopolitics and AI.”