AI-Driven Cyber Threats Are the Biggest Concern for Cybersecurity Professionals Going Into 2026, Finds New ISACA Research

LONDON--(BUSINESS WIRE)--Over half (51%) of European IT and cybersecurity professionals fear AI-driven cyber threats and deepfakes will keep them up at night next year, according to new ISACA research.

AI-driven cyber threats are the biggest concern for cybersecurity professionals going into 2026, finds new ISACA research.

Share

What’s driving this concern is a lack of preparedness for AI-related risks across the industry. Only 14% of respondents feel their organisation is very prepared to manage the risks associated with generative AI solutions in 2026. The majority (82%) feel they are only somewhat prepared, not very prepared, or not prepared at all.

Tech professionals clearly perceive AI-driven threats as the most concerning, yet other threats persist which pose risks to business continuity. Other than AI-driven threats, regulatory complexity and compliance risks (38%), supply chain vulnerabilities (37%), and the failure to detect and respond to a breach, causing irreparable harm to the business (35%) were also cited as concerns keeping cyber professionals up at night. Further, only 7% of respondents feel extremely confident that their organisation could successfully navigate a ransomware attack in 2026.

AI is seen as both a growing threat and an opportunity for cyber and digital trust professionals, who recognise how transformative it can be for their organisation. The survey also asked respondents what they believe will be the top three technology trends or priorities impacting their work in 2026. The leading responses were generative AI and large-language models (61%), which are used for processes such as content and code generation, followed by AI and machine learning (57%), such as predictive analysis.

But when asked what respondents see as the most significant cyber threats facing organisations in 2026, almost two-thirds (59%) said AI-driven social engineering. Another threat facing organisations is insider threats, whether intentional or accidental (29%).

Over six in ten (64%) said business continuity and resilience is a very important focus area in 2026. ISACA believes ensuring staff are both trained to use AI safely and securely in the workplace and trained to respond to AI-driven cybersecurity threats will be key to building business resilience. But over a quarter (27%) have no plans in the year ahead to hire for digital trust roles, such as audit, risk and cybersecurity.

“AI represents both the greatest opportunity and the greatest threat of our time. This research highlights a stark reality: while organisations are beginning to embrace AI’s transformative potential, many remain underprepared to manage its risks in the year ahead,” said Chris Dimitriadis, Chief Global Strategy Officer at ISACA. “AI cybersecurity and assurance certifications will help cyber professionals manage the evolving risk related to AI, implement policy, and ensure its responsible and effective use across the organisation.”

A further tension is that while over one-thirds of respondents (38%) cite regulatory complexity and global compliance risks as a concern keeping them up a night, over three-quarters (79%) agree or strongly agree that cyber-related regulation will advance digital trust, and over half (53%) agree or strongly agree that it will drive business growth. It is clear that a better understanding of regulatory change and the opportunities it can unlock would see cyber professionals navigating compliance with greater confidence, driving business resilience.

“Many of the concerns the respondents raise signal an opportunity to transform how we approach these issues, shifting them from worries to a catalyst for business growth,” Dimitriadis continued. “For example, when regulation or guidance is viewed not just as a box-ticking exercise but as an opportunity to innovate in a resilient manner in the long term.”

Survey data and additional analysis are available at www.isaca.org/tech-trends-and-priorities.

About ISACA

For more than 55 years, ISACA^® (www.isaca.org) has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.

ISACA security resources

ISACA is a nonprofit, vendor-neutral organisation and the creator of globally recognised credentials, including its recently introduced Certified Cybersecurity Operations Analyst (CCOA) and Advanced in AI Security Management (AAISM) credentials. Additional security resources include AI and cybersecurity-focused online courses, including AI Threat Landscape course.

Notes to Editors

All figures are based on fieldwork conducted by ISACA between 22 August 2025 and 4 September 2025, amongst a total of 632 digital trust professionals in Europe.