Threat landscape Cyber-enabled fraud is CEOs’ top concern, while ransomware remains the primary concern for CISOs In 2025, CEOs were most concerned about ransomware attacks, followed by cyber- enabled fraud. In 2026, their priorities shifted, with cyber-enabled fraud and phishing taking the top spot and AI vulnerabilities emerging second. For CISOs, the top risks showed strong continuity, with ransomware attacks remaining the leading concern and supply chain disruption consistently holding second place across both years. This suggests CEOs are prioritizing financial loss prevention and preparing for new threats, while CISOs remain focused on operational resilience. Ranking of CEOs’ and CISOs’ cyber risk concerns for their organizations TABLE 2 Which cyber risks concern you most for your organization? Rank Chief executive officer (CEO) Chief information security officer (CISO) 2025 2026 2025 2026 1 Ransomware attack Cyber-enabled fraud and phishingRansomware attack Ransomware attack 2Cyber-enabled fraud and phishing AI vulnerabilities Supply chain disruption Supply chain disruption 3 Supply chain disruption Exploitation of software vulnerabilities Cyber-enabled fraud and phishing Exploitation of software vulnerabilities CEOs of highly resilient companies are concerned about AI vulnerabilities Cyber-enabled fraud and phishing remain the top cybersecurity concerns for CEOs of insufficiently resilient organizations. However, as resilience strengthens, risk perception shifts towards emerging threats: among CEOs of highly resilient organizations, AI-related vulnerabilities rise to the top. This suggests that resilient organizations are more attuned to the evolving risks posed by advanced technologies. CEO survey responses, segmented by organizational resilience level TABLE 3 Which cyber risks concern you most for your organization?High resilience (rank)Insufficient resilience (rank) AI vulnerabilities 1 4 Cyber-enabled fraud and phishing 2 1 Supply chain disruption 3 7 Exploitation of software vulnerabilities 4 3 Ransomware attack 5 2 Insider threat 6 6 Denial-of-service attacks 7 5 Global Cybersecurity Outlook 2026 11