For a long time, cybersecurity occupied an unusual moral space in global affairs. It was adversarial, but bounded. Governments spied, criminals stole, and corporations patched. Yet there lingered a sense—more custom than law—that certain systems were sacrosanct. Power grids. Financial plumbing. Hospitals. Aviation. Cyber was a competition by other means, but it was not supposed to be catastrophic.
That assumption has been weakening for years. The Global Cybersecurity Outlook 2026, released by the World Economic Forum this January, doesn’t announce the end of that era so much as document its quiet erosion
What the report reveals, beneath its charts and rankings, is not merely an escalation of cyber risk but a deeper transformation: cybersecurity is no longer primarily a technical problem. It has become a problem of trust—who and what can still be believed in a digital environment increasingly shaped by automation.
The report’s most widely cited statistic is also its most revealing. Ninety-four percent of respondents say artificial intelligence will be the most significant driver of cybersecurity change in 2026, and eighty-seven percent say AI-related vulnerabilities are the fastest-growing risk.
Those numbers are often interpreted as a warning about smarter attacks. But the more unsettling implication is subtler. AI doesn’t just scale hacking; it scales plausibility. It erodes the informal signals—tone, timing, friction—that humans once relied on to distinguish the legitimate from the fraudulent.
In earlier eras, technological fraud tended to announce itself. The Nigerian prince’s email. The misspelled invoice. The clumsy impersonation. Today, the most effective attacks are indistinguishable from routine business. A voice on the phone sounds like the CFO. The invoice matches prior transactions. The urgency feels familiar. Trust itself has become the attack surface.
That shift helps explain one of the report’s most striking findings: cyber-enabled fraud has overtaken ransomware as the top concern for chief executives, even as chief information security officers continue to rank ransomware and supply-chain disruption higher
The concern is grounded in experience. Seventy-three percent of respondents say they or someone in their network was personally affected by cyber-enabled fraud in 2025. Cybercrime is no longer episodic. It is ambient and constant.
Recent incidents reinforce the point. In the UK, ransomware attacks against major retailers—including Marks & Spencer and Harrods—disrupted operations and exposed customer data. In August 2025, a cyberattack on Jaguar Land Rover halted production for weeks, rippling through more than five thousand suppliers and costing the broader UK economy billions.
Public-sector breaches have been just as revealing. Hospitals forced back to pen and paper. Municipal systems taken offline. Sensitive citizen data exposed at scale.
What makes these attacks consequential is not novelty but context. Modern economies are tightly coupled. Cloud platforms, logistics software, identity systems, and payment rails link thousands of organizations into shared digital ecosystems. When one node fails, the effects propagate. The report notes that sixty-five percent of large companies now cite third-party and supply-chain vulnerabilities as their greatest cyber-resilience challenge, up sharply from the year before.
At the same time, confidence in institutional response is eroding. Fewer than 45% of private-sector CEOs say they are confident in their country’s ability to respond to a major cyberattack on critical infrastructure.
Michael Miebach, the CEO of Mastercard, articulates the dilemma this way: “Cybersecurity is the foundation for our digital world. It is at the heart of trust… But it’s not something one can do on their own.”
The irony is hard to miss. Cybersecurity emerged alongside the internet itself, shaped by a belief that shared vulnerability would encourage restraint. No one, it was assumed, would benefit from destabilizing systems on which everyone depended. That belief held—imperfectly—for a time. Automation changes the game.
The report notes that the share of organizations assessing the security of AI tools before deployment rose from 37% in 2025 to 64% in 2026. That progress reflects growing awareness—but also growing anxiety. Much of what now passes for AI governance is about preparing for failure: creating audit trails, documenting oversight, and establishing who approved what when things go wrong.
Resilience, in this context, is being redefined. Only nineteen percent of organizations say their cyber resilience exceeds requirements, yet confidence in resilience is rising.
K. Krithivasan, CEO of Tata Consultancy Services, puts it this way: “The businesses that thrive in the future will not be those that have never been hit… but those which have built the strongest capability to recover.”
AI has accelerated offense faster than institutions can arbitrate truth. Fraud has outpaced enforcement. Geopolitics has fractured trust faster than coordination mechanisms can adapt.
Yet something fragile remains. Cybersecurity is still one of the few domains where international consensus was meant to keep conflicts from escalating. That common ground is increasingly hard to find—but it has not vanished.
I’ll be looking for it in Davos—between governments still willing to talk, companies still willing to share, and technologists who understand that resilience without cooperation is just isolation with better tools. Whether that space can be preserved may determine whether cyber remains a pressure valve—or becomes something far more dangerous.
