Businesses double down on AI security as 64% now assess risks before deployment

Businesses in 2026: AI security oh yeah better look at that

Survey finds security checks nearly doubled in a year as leaders wise up The number of organizations that have implemented methods for identifying security risks in the AI tools they use has almost doubled in the space of a year. Nearly two-thirds (64 percent) of all business leaders who participated in the World Economic Forum's (WEF) Global Cybersecurity Outlook 2026 said that they assessed AI tools' security risks before deploying them. The finding represents a steep rise compared with last year's 37 percent figure, and underlines how much of a priority AI security has become for organizations worldwide. Nearly all respondents (94 percent) said that AI will be the most significant driver of cybersecurity change in 2026, and 87 percent believe that the associated vulnerabilities have increased - more than any other type of threat. It's true that The Reg was busy last year covering AI vulnerabilities. Prompt injections were the main culprits - there were lots of them - while AI code assistants were seen making expert devs worse, and in December, Google was called in to fix the security issues created by Gemini. The WEF's findings, published a week before its annual Davos meeting, offer a more positive view on the state of AI security across the world than the show of hands suggested at the NCSC's annual conference in May. In a room full of roughly 200 security professionals, not a single one could claim that they had a strong grasp of the security of their organization's AI systems. For leaders, the most common fear concerning AI right now is data leaks, the WEF survey noted. Coming in just behind is the advancement of adversarial capabilities, which makes sense given that the report also found that geopolitically motivated attacks were the most common feature of leaders' risk strategies. Sixty-four percent of organizations reported that geopolitical matters played the biggest role in shaping their cyber risk strategies, topping the list for consecutive years. Geopolitics was far more of a concern for larger organizations, those with more than 100,000 employees, with 91 percent reporting that their security plans changed as a result, compared to just 59 percent for those with fewer than 1,000 staffers. Gartner reached similar conclusions after surveying European CIOs and other IT leaders in 2025, finding that many were considering opting for a local cloud provider as data sovereignty fears escalate. Geopolitics most commonly influences cybersecurity and cybercrime when it comes to the conflicts between major adversaries. It is not uncommon for UK or US organizations to be pelted with DDoS attacks from Russian cyber troublemakers, for example. Russia also has a history of targeting major sporting events, so organizations in the US may be preparing for politically-motivated cyberattacks later this year, as the world's eyes will be on the FIFA World Cup this summer. For CEOs, however, the threat from hacktivists is not even on their radars. Cyber-enabled fraud, such as phishing and social engineering, is the number-one concern, followed by AI vulnerabilities and exploits of software flaws. Ransomware was the chief worry of 2025, and supply chain disruptions were third on the list last year, but both dropped out of the top three in 2026. Ransomware remains the prime fear for CISOs, though. Both ransomware and supply chain attacks remain at ranks one and two, respectively, in security chiefs' lists of nightmares. The key to preventing the worst outcomes is for all organizations to pursue a heightened state of cyber resilience. "Cyber resilience" is a phrase that's repeated time and again by national security authorities for a good reason. It refers to an organization's ability to minimize the impact of a cyberattack, should one penetrate its systems. The majority of respondents to the WEF's survey (64 percent) claimed that they met the minimum requirements for cyber resilience, while only 19 percent believed that they are exceeding those baseline standards. Major attacks, such as those on JLR and M&S, high-profile events that led to extensive and costly periods of downtime for both businesses, illustrate the issues with minimizing cyberattacks that organizations continue to face. ®

Businesses are finally taking action to crack down on AI security risks

The World Economic Forum (WEF) has uncovered a positive trend in the world of AI - with companies finally taking action to address the security risks of AI, as nearly two in three (64%) are now assessing the risks before deploying tools (up from 37% last year). When it comes to their cybersecurity strategies as a whole, almost all (94%) agree that AI tools will be the biggest driver of change in 2026. This comes from the 2026 version of the Global Cybersecurity Outlook, published in collaboration with Accenture. The reported changes in attitude are likely prompted by the fact that 87% believe that AI-related vulnerabilities have increased. Data leaks (34%) are CEOs' biggest concerns, technical security of AI systems saw the biggest increase (13% in 2026 vs 5% in 2025), and the advancement of adversarial capabilities saw the biggest drop (29% in 2026 vs 47% in 2025) despite being the second-biggest concern. Today, around two-thirds (64%) of organizations factor in geopolitically motivated attacks, and many are moving towards sovereign cloud options. Still, there are differences in how the C-suite perceive AI threats. CEOs now quote fraud and AI vulnerabilities as their biggest concerns, but CISOs are most concerned about ransomware and supply chain disruptions. Both leader types noted software vulnerability exploitations as their third-highest concern. Despite widespread agreement that AI-enabled threats have risen, companies are still turning to AI to respond. Three-quarters (77%) now use AI for cybersecurity, with the most common applications being phishing detection (52%), intrusion detection (46%), and automating security operations (43%). On the flip side, a lack of skills (54%), the need for human validation (41%), and uncertainty about risks (39%) are the key barriers to using AI in cybersecurity. Looking ahead, the WEF sees highly convincing phishing, deepfake scams, and automated social engineering becoming the biggest AI-enabled threats. But although AI might be accelerating them, the most common attack method remains phishing - something that hasn't changed at its core for a long time.