The Global Cybersecurity Outlook 2026 survey gathered insights from more than 100 CEOs across industries and regions. Their responses offer a unique lens into how leaders perceive the evolving cyber landscape.

Cyber-enabled fraud is CEOs’ top concern, while ransomware remains the primary concern for CISOs

In 2025, CEOs were most concerned about ransomware attacks, followed by cyber-enabled fraud. In 2026, their priorities shifted, with cyber-enabled fraud and phishing taking the top spot and AI vulnerabilities emerging second. For CISOs, the top risks showed strong continuity, with ransomware attacks remaining the leading concern and supply chain disruption consistently holding second place across both years. This suggests CEOs are prioritizing financial loss prevention and preparing for new threats, while CISOs remain focused on operational resilience.

Table 2: Ranking of CEOs' and CISOs' cyber risk concerns for their organizations

CEOs of highly resilient companies are concerned about AI vulnerabilities

Cyber-enabled fraud and phishing remain the top cybersecurity concerns for CEOs of insufficiently resilient organizations. However, as resilience strengthens, risk perception shifts towards emerging threats: among CEOs of highly resilient organizations, AI-related vulnerabilities rise to the top. This suggests that resilient organizations are more attuned to the evolving risks posed by advanced technologies.

Table 3: CEO survey responses, segmented by organizational resilience level

Data leaks and advancement of adversarial capabilities dominate CEOs’ concerns about generative AI

CEOs identify data leaks (30%) and the advancement of adversarial capabilities (28%) as the most significant security concerns related to generative AI (genAI). These two risks stand out clearly above others, indicating that exposure of proprietary data through genAI and the growing sophistication of cyber attackers are the primary issues on CEOs’ radars for 2026.

Figure 1: CEOs' perception of key AI security risks

Private-sector CEOs question national readiness for major cyberattacks on critical infrastructure

Less than 45% of all CEOs from the private sector are confident in their country’s ability to respond to major cyber incidents targeting critical infrastructure.

Figure 2: CEOs' confidence in national responses to cyberattacks on critical infrastructure

CEOs of highly resilient organizations prioritize threat intelligence and information sharing to address geopolitical volatility

Some 52% of CEOs of highly resilient organizations are prioritizing threat intelligence on nation-state actors, compared to 13% of CEOs of insufficiently resilient organizations. Similarly, 48% of CEOs of highly resilient organizations are increasing collaboration with government agencies and information-sharing groups, whereas only 6% of CEOs of insufficiently resilient organizations report doing so. This indicates that resilience is no longer built in isolation. It is achieved through shared intelligence and partnerships.

Figure 3: CEOs' views on the evolution of cybersecurity strategy amid geopolitical volatility, by organizational resilience level

CEOs of highly resilient organizations cite external ecosystem risks as the top challenge to cyber resilience, while less resilient peers point to funding and skills shortages

As organizational resilience improves, CEOs increasingly shift their attention from internal resource constraints, such as funding or skills shortages, to broader ecosystem risks. In the survey, 78% of CEOs of highly resilient organizations identify supply chain and third-party dependencies as the most significant challenge to further strengthening resilience. On the other hand, cybersecurity skills shortage (56%) and lack of funds (63%) were the top challenges identified by CEOs of insufficiently resilient organizations to improve their cyber resilience.

Figure 4: CEOs' greatest challenge to becoming cyber resilient, by organizational resilience level

CEOs of highly resilient organizations integrate security into their procurement process to address supply chain risk

CEOs of highly resilient organizations integrate security into their procurement process (70%) and prioritize supplier-maturity assessments (59%) to address supply chain risk.

Figure 5: CEO approaches to supply chain risk management, by organizational resilience level

CEOs from sub-Saharan Africa, Latin America and the Caribbean face the greatest cyber skills shortages

Outside of Europe and North America, more than half of CEOs admit lacking the skills to achieve current cybersecurity goals, with sub-Saharan Africa (70%) and Latin America and the Caribbean (69%) facing the greatest gaps.

Figure 6: CEOs' views on whether their organization's workforce has the skills for current cybersecurity objectives, by region