Cyber Fraud Overtakes Ransomware as Top CEO Concern

Ransomware remains the biggest concern for CISOs in 2026, according to WEF’s Global Cybersecurity Outlook 2026 report

Cyber-enabled fraud has overtaken ransomware as the primary concern for CEOs, marking a major shift in how business leaders perceive digital risk, according to the Global Cybersecurity Outlook 2026 report published by the World Economic Forum (WEF) on Monday.

Ransomware has been a top concern for executives for many years. The data collected by the WEF for its previous report showed that the top cyber risk named by CEOs was ransomware attacks, followed by cyber-enabled fraud and phishing, and supply chain disruptions.

For the 2026 report, written in collaboration with Accenture, ransomware did not make the top three list. Cyber fraud has become the top concern, followed by AI vulnerabilities, and the exploitation of software flaws.

A survey conducted for the WEF analysis found that 73% of CEOs were personally affected, or they knew a business leader affected, by cyber-enabled fraud in 2025.

In addition, 77% of respondents believe cyber fraud has increased over the past year. An increase has also been reported for AI vulnerabilities (87%), supply chain disruption (65%), and vulnerability exploitation (58%).

However, more than half of the respondents have also reported an increase in ransomware attacks.

In fact, while the concerns of CEOs have now shifted, ransomware has remained the top fear for CISOs, followed by supply chain disruption.

“This suggests CEOs are prioritizing financial loss prevention and preparing for new threats, while CISOs remain focused on operational resilience,” the WEF said in its report.

The WEF’s analysis also found that while AI remains a top concern, the nature of the threat has changed.

In 2025, the primary fear was adversarial AI (ie, hackers using AI to enhance their attacks), cited by 47% of respondents. In 2026, the top concern has shifted to unintended data exposure (34%) caused by employees using generative AI tools internally, while adversarial capabilities have dropped to the second position (29%).

Concerns regarding the use of AI in organizations are also reflected in the fact that 64% of organizations are now actively assessing the security of AI tools before deployment, up from 37% a year ago.

Organizations are also increasingly implementing AI-enabled tools to fulfill their cybersecurity objectives, particularly in areas such as detection of phishing and other email threats, intrusion detection and response, SOC automation, and insider threat monitoring.

Source: Securityweek.com