AI-driven threats head list of challenges for cyber professionals in 2026

What’s driving this concern is a lack of preparedness for AI-related risks across the industry. Only 14% of respondents feel their organisation is very prepared to manage the risks associated with generative AI solutions in the New Year. The majority (ie 82%) feel they are only somewhat prepared, not very prepared or otherwise not prepared at all.

Tech professionals clearly perceive AI-driven threats as the most concerning, yet other threats persist and pose risks to business continuity. Other than AI-driven threats, regulatory complexity and compliance risks (38%), supply chain vulnerabilities (37%) and the failure to detect and respond to a breach, causing irreparable harm to the business (35%) were also cited as concerns.

Further, only 7% of respondents feel extremely confident that their organisation could successfully navigate a ransomware attack in 2026.

Transformative potential 

AI is seen as both a growing threat and an opportunity for cyber and digital trust professionals who recognise how transformative it can be for their organisation.

The ISACA survey also asked respondents what they believe will be the top three technology trends or priorities impacting their work in 2026. The leading responses were generative AI and large-language models (61%), which are used for processes such as content and code generation, followed by AI and machine learning (57%), such as predictive analysis.

When asked what respondents believe to be the most significant cyber threats facing organisations in 2026, almost two-thirds (59%) focused their attentions on AI-driven social engineering. Another threat facing organisations is insider threats (cited by 29% of respondents), whether intentional or accidental.

Further, 64% said business continuity and resilience is a very important focus area in 2026. ISACA believes that ensuring members of staff are trained to use AI safely and securely in the workplace and also trained to respond to AI-driven cyber security threats will be key to building business resilience. However, more than a quarter (27%) have no plans to hire for digital trust roles (such as those focused on audit, risk and cyber security) in the year ahead.

“AI represents both the greatest opportunity and the greatest threat of our time,” said Chris Dimitriadis, chief global strategy officer at ISACA. “This research highlights a stark reality: while organisations are beginning to embrace AI’s transformative potential, many remain underprepared to manage its risks in the year ahead. AI cyber security and assurance certifications will help cyber professionals to manage the evolving risk related to AI, implement policy and ensure its responsible and effective use across the organisation.”

Greater understanding

A further tension is that, while over two-thirds of respondents (38%) cite regulatory complexity and global compliance risks as a concern, over three-quarters (79%) agree (or strongly agree) that cyber-related regulation will advance digital trust, while over half (53%) agree or strongly agree that it will drive business growth.

It's clear that a better understanding of regulatory change and the opportunities it can unlock would see cyber professionals navigating compliance with greater confidence, in turn driving business resilience. 

“Many of the concerns the respondents raise signal an opportunity to transform how we approach these issues, shifting them from worries to a catalyst for business growth,” concluded Dimitriadis. “For example, when regulation or guidance is viewed not just as a box-ticking exercise, but rather as an opportunity to innovate in a resilient manner in the long term.” 

*Further detail is available online at www.isaca.org/tech-trends-and-priorities