AI as the Key Driver of Rising Cybersecurity Risks – Global Outlook Insights

Report Overview and Methodology

The World Economic Forum released its fifth annual Global Cybersecurity Outlook, a 64‑page report based on a 19‑question survey conducted in autumn 2024. It gathered responses from 804 participants across 92 countries, including 316 chief information security officers (CISOs) and senior executives, and incorporated insights from 21 closed‑door discussions with CISO community members.

Key Findings: Accelerating Risks and AI’s Central Role

The report states that cyber‑security risk will continue to rise sharply by 2026. AI technology progress is identified as a major driver, alongside structural challenges such as heightened geopolitical fragmentation and increasing supply‑chain complexity.

94% of respondents believe AI will become the most important change‑agent for cybersecurity by 2026.

87% report a noticeable increase in AI‑related security vulnerabilities over the past year.

Other rising threats include fraud and phishing attacks, supply‑chain disruptions, and exploitation of software vulnerabilities.

Confidence in national preparedness is declining: 31% of respondents lack confidence in their country’s ability to handle major cyber incidents, up from 26% the previous year. Regional differences are stark, with 84% confidence in the MENA region versus only 38% in North America.

CEO vs. CISO Risk Perception Gap

Surveys reveal structural differences in risk prioritisation:

CEOs rank fraud, phishing, and AI vulnerabilities as top threats, elevating phishing to the primary risk and AI vulnerabilities to second place.

CISOs also flag ransomware as a top concern but place supply‑chain disruption second and software‑exploit risks third.

The analysis attributes this gap to CEOs focusing on business‑level financial impacts, while CISOs concentrate on operational disruption to IT/OT systems.

AI Expands the Attack Surface and Reshapes Defences

The WEF highlights that large‑scale AI adoption widens the attack surface and introduces novel vulnerabilities beyond traditional security controls. Attackers exploit AI to increase the scale, speed, complexity and precision of attacks. Defensive use of AI is possible, but only when deployment is highly disciplined and governed. The report quotes: “AI’s value depends on regulated, rational use; unguided deployment can create new risks such as configuration errors, decision bias, over‑reliance on automation, and susceptibility to adversarial manipulation.”

Governance Improvements and Ongoing Challenges

64% of organisations now establish a security‑assessment process before deploying AI tools, up from 37% in the previous survey.

77% have adopted AI in cybersecurity, primarily for phishing detection (52%), intrusion and anomaly response (46%), and user‑behaviour analytics (40%).

Key obstacles remain: insufficient knowledge or skills (54%), heavy reliance on manual oversight (41%), and uncertainty about potential risks (39%).

The report concludes that “trust” remains the critical barrier to large‑scale AI adoption in cybersecurity.

Looking to 2030: Emerging Technological Risks

Beyond AI, the outlook foresees several emerging risk vectors by 2030, including autonomous systems and robotics, quantum technologies, digital currencies, space‑technology and undersea cables, as well as natural disasters and climate change. Autonomous systems are expected to create new cyber‑physical composite risk forms, while quantum advances could turn theoretical threats into selective, high‑impact risks.

Conclusion: Collective Responsibility for Cyber Resilience

The final message stresses that building a secure digital future cannot rely solely on technology. It requires decisive leadership, clear shared‑responsibility mechanisms, and continuous improvement of the security “baseline.” Organisations that treat cyber‑resilience as a strategic, collective responsibility will be better positioned to sustain trust, drive innovation, and protect the globally interconnected infrastructure.