Rob Elliss | Chief Revenue Officer
More About This Author >
Rob Elliss | Chief Revenue Officer
More About This Author >
“Cyber insecurity” ranks as a top global risk for the first time ever, according to the World Economic Forum Global Risks 2026 Report.
The report also revealed that cybersecurity risk in 2026 is accelerating, driven by advances in AI, the looming quantum threat, and the increasing connectedness of supply chains. All of this is fueling a threat environment where the speed and scale of attacks are putting conventional defenses through their paces like never before.
The report confirms that we are approaching an inflection point at which conventional security approaches will no longer succeed. The big question, therefore, isn't whether organizations need to prepare; we all know the answer to that. Rather, it's whether they will prepare in time.
The Eternal AI Promise (and Danger)
When it comes to AI, the WEF Cybersecurity Outlook Report 2026 said that the widespread integration of AI systems comes with a vastly expanded attack surface, crammed with new vulnerabilities that yesterday’s security tools weren’t built to address.
But it’s a two-way street.
- Defenders are using AI to boost their defense capabilities across detection, incident response, and even to automate high-volume analytical tasks.
- Concurrently, bad actors are leveraging these tools to scale, speed, and precision their attacks, fueling a new generation of automated exploitation and highly targeted social engineering.
Unfortunately, AI vulnerabilities are out of control, with 87% of those surveyed identifying these as the fastest-growing threat in 2026. When asked about specific concerns, the exposure of proprietary data and the advancement of adversarial capabilities are the top worries for CEO’s when it comes to GenAI (28%).
Respondents agreed that AI is set to be the most significant influencer of change, with 94% citing it. Companies are taking action accordingly, as 64% are now assessing the security of AI tools, a number that has almost doubled from 37% the year before.
These findings align with the Thales 2025 Data Threat report, which identifies the most concerning risks in GenAI security as the integration of new systems into an already complex hybrid IT and the integrity, trust, and confidentiality powering AI.
The Proliferation of AI Agents
As the adoption of AI agents within today’s businesses grows, digital systems will need to be designed and developed differently. These agents improve efficiency, responsiveness, and scalability by automating mundane, repetitive tasks, yet their integration introduces a host of new challenges for traditional security frameworks. Roles and processes will need to be redefined, and fundamental questions around decision-making and alert prioritization must be raised.
Managing the identities and privileges of AI agents has become critical and even more complex than managing human identities. Without robust governance, these agents can gain far more privileges than they need and can be manipulated through prompt injection or design flaws, or even accidentally propagate errors and vulnerabilities at scale. Their very speed and persistence are their enemies, requiring continuous verification, audit trails, and strong accountability measures grounded in zero trust to mitigate these dangers.
To protect against the dangers of AI and AI agents, Thales offers robust protection against weaponized AI through its AI Security Fabric and Imperva Application Security platform, which secures APIs and applications by acting as guardrails for LLMs and agentic AI. The platform monitors prompts, outputs, and interactions in real time to block common AI threats while integrating with WAFs and encryption for comprehensive defense.
Cyber-Enabled Fraud and Supply Chain Risks
Cyber-enabled fraud is threatening both executives and households, with 73% of respondents saying they or someone in their network had experienced it in 2025. Most of this occurred via phishing, smishing, or vishing (62%), followed by invoice or payment fraud (37%) and identity theft (32%).
Interestingly, cyber-enabled fraud is a greater concern for CEOs, while CISOs worry about ransomware and the resilience of their supply chains. Clearly, priorities diverge between those in the boardroom who focus on financial loss prevention and those on the front lines dealing with operational realities.
However, as organizational resilience improves, CEOs are turning their attention away from internal resource challenges toward broader ecosystem risks. Hence, more than three-quarters (78%) of CEOs of “highly resilient businesses” believe external ecosystem risks to be the main challenge to cyber resilience, while less resilient companies blame resources, both financial (63%) and a lack of skills (56%).
To address this concern, 70% of CEOs of highly resilient businesses integrate security into their procurement processes to manage supply chain risk, prioritizing supplier-maturity assessments (59%).
Preventing Cyber-Physical Failures
The WEF report also delved into critical infrastructure, noting that as it becomes increasingly digitized, automated, and interconnected, ICS and devices may not be adequately secured or monitored. When asked about their perception of the national cyber response to critical infrastructure attacks, the public sector lacks confidence in national preparedness, with less than a quarter (23%) of these entities reporting sufficient cyber-resilience capabilities.
The report said that monitoring industrial control systems and devices must be prioritized to ensure:
- Incident visibility to distinguish between a cyberattack, a technical failure, or simply human error
- Infrastructure resilience against cyber-physical failures
For critical infrastructure entities, Thales offers a broad portfolio of complementary application security, data security, and identity & access management products to provide a comprehensive solution that helps build resilient organizations and address NIS2 requirements.
Quantum Computing and Digital Trust
The report also looked at quantum computing and how it could undermine digital trust infrastructure and lead to mass decryption. If the cryptographic systems that enable us, our devices, and the services we use to prove who we are fail, all forms of digital authentication will be at risk. Unfortunately, the survey found that many businesses are on the back foot when it comes to understanding the possible impacts of quantum. It revealed that only 5% of organizations have quantum-safe encryption in place.
To establish digital trust, Thales has invested in ensuring crypto agility to future-proof organizations and enable quick adoption of post-quantum cryptographic algorithms with minimal disruption.
Act Before Risks Outpace Defenses
Reports like the ones from the World Economic Forum help CEOs and CISOs understand how the cybersecurity landscape is evolving, and enable them to act before risks outpace defenses.
Thales is always at the forefront of technology and cyber threat evolutions and delivers a broad portfolio of solutions to help organizations build a future we can trust.