Omid studio - stock.adobe.com

News

Business leaders see AI risks and fraud outpacing ransomware, says WEF

C-suite executives are more concerned with risks arising from AI vulnerabilities and cyber fraud than ransomware, according to the World Economic Forum

Alex Scroxton
By
Published: 12 Jan 2026 17:00

Midway through a decade that is coming to be defined by the runaway acceleration of technological change, the threat of ransomware attacks seems to be dropping down the agenda in boardrooms around the world, with C-suite executives more concerned about growing risks arising from artificial intelligence (AI) vulnerabilities, cyber-enabled fraud and phishing attacks, disruption to supply chains, and exploitation of software vulnerabilities.

This is according to the fifth annual World Economic Forum (WEF) Global cybersecurity outlook report, based on a survey of 804 participants from 92 countries, including 316 chief information security officers (CISOs), 105 CEOs and 123 other C-suite executives such as chief risk or technology officers, conducted between August and September 2025, as well as workshop discussions and short polls conducted around the forum’s Global Future Councils and Cybersecurity meeting.

A total of 87% of these respondents believed risks from AI increased in the past year, compared with 13% who were neutral on the subject. Approximately 77% saw risks from fraud and phishing on the rise; 66% talked about supply chain disruption; and 58% identified vulnerability exploitation as a growing threat.

However, when it came to ransomware, just 54% saw rising risk levels, compared with 39% who expressed a neutral opinion, while the remainder of the respondents, approximately 7%, said the risk from ransomware actually decreased in 2025.

“Cyber security risk in 2026 is accelerating, fuelled by advances in AI, deepening geopolitical fragmentation and the complexity of supply chains,” wrote WEF managing director Jeremy Jurgens in the report’s preamble.

“These shifts are compounded by the enduring sovereignty dilemma and widespread cyber inequity, two factors that expose systemic vulnerabilities. The result is a threat environment where the speed and scale of attacks are testing the limits of traditional defences.”

AI risk factors

Digging deeper into some of the risk factors arising from AI, the C-suite said that data leaks, followed by advancing adversarial capabilities, were the most pressing concerns, followed by the technical security of AI systems, increasingly complex governance, legal risks around intellectual property and liability, and software supply chain and code development concerns.

Notably, the top two concerns swapped places in the 2026 report compared with last year – with 34% most concerned about data exposure this year compared with 22% in 2025, while the percentage of those most concerned about adversarial capabilities fell from 47% last year to 29% this year.

This likely reflects a changing, potentially maturing, attitude to AI risk, and the WEF said it was looking to a “turning point” in the AI risk landscape this year.

It said that even though the AI arms race between defenders and attackers shows no signs of slowing, attention is pivoting from “offensive innovation” towards less noisy – but arguably more dangerous – factors.

Looking ahead to 2026

    Some of the other data points in the report also appear to bear this out, with C-suite executives doubling down on structured processes and governance models to better manage AI.

    Quoted in the report, Josephine Teo, Singapore’s minister for digital development and information and minister-in-charge of the country’s Cyber Security Agency and Smart Nation Group, said: “Developments in AI are reshaping multiple domains, including cyber security. Implemented well, these technologies can assist and support human operators in detecting, defending and responding to cyber threats.

    “However, they can also pose serious risks such as data leaks, cyber attacks and online harms if they malfunction, or are misused.”

    Teo urged a more forward-looking, practical and collaborative approach to the safe development and use of rapidly evolving tech such as AI.

    “The risks transcend borders, and the challenge is to maximise AI’s benefits, including to strengthen our cyber resilience, while minimising its risks,” she said.

    Ransomware still a live threat

    However, despite the headline risks detailed in the WEF’s report, the ransomware threat has not gone away – as demonstrated by many of the most well-documented cyber attacks to have taken place in 2025, most of which were still ultimately driven by extortion.

    Indeed, among those who identified as CISOs, ransomware remained the leading risk concern. While CEOs concern themselves more with broader business impacts of cyber crime, CISOs are understandably consumed by the operational disruption a successful ransomware attack can cause.

    This may go some way to explaining the elevated concerns over cyber fraud revealed by the WEF’s data.

    A total of 77% of respondents said they had seen an increase in cyber-enabled fraud and phishing, and 72% revealed that either they themselves or someone in their professional or personal networks had been affected by it – the most common forms of attack reported were phishing, payment fraud and identity theft.

    Read more on IT risk management