Full Report
Phishing attacks and cyber fraud have overtaken ransomware as the top cybersecurity concern of business leaders, according to the World Economic Forum’s (WEF) Global Cybersecurity Outlook for 2026.
Analysis Summary
# Main Topic
Phishing attacks and cyber fraud have surpassed ransomware as the top cybersecurity concern for business leaders, according to the World Economic Forum’s (WEF) Global Cybersecurity Outlook for 2026. Cyber-enabled fraud is now characterized as a "pervasive threat" reaching "record highs," causing substantial financial losses and undermining system trust.
## Key Points
- 77% of surveyed global business leaders reported an increase in overall cyber-enabled fraud and phishing.
- 73% of leaders claimed that they or someone they know in a leadership position had been personally affected by cyber-enabled fraud.
- The primary form of cyber fraud reported was phishing attacks (62% of respondents).
- Cyber-enabled fraud is recognized as a strategic, economic, and societal concern, not just a technical issue.
- AI is expected to be the biggest force shaping cybersecurity in 2026, accelerating risks at unprecedented speed (87% reported rising AI-related vulnerabilities last year).
## Threat Actors
- No specific threat actors or groups were explicitly attributed to the survey findings, as the report focuses on the overall *prevalence* of threat types rather than attribution for a single campaign.
## TTPs
Specific cyber fraud TTPs identified as the most common:
- **Phishing Attacks:** The leading threat, encompassing traditional email phishing, voice-enabled phishing (**vishing**), and SMS-enabled phishing (**smishing**).
- **Invoice or Payment Fraud (BEC):** Affected just over one-third of respondents (37%).
- **Identity Fraud:** Affected 32% of organizations surveyed.
- **Insider Threat/Employee-led Fraud:** Reported by one in five respondents.
- **Romance or Impersonation Scams:** Reported by 17%.
- **Cryptocurrency and Investment Fraud:** Reported by 17%.
## Affected Systems
- The report focuses on organizational impact across industry and society, rather than specific technical systems or software versions.
- **Impact Vectors:** Attackers use phishing to steal credentials (usernames/passwords) or convince employees to pay fraudulent invoices.
## Mitigations
The WEF report calls for non-technical, coordinated action:
- **Collaborative Action:** Coordinated action across international boundaries and industries is required.
- **Decisive Leadership:** Decisive leadership and shared accountability across sectors are required.
- **Collective Baseline:** Commitment to lifting the collective baseline of security resilience, ensuring it is accessible to all organizations.
## Conclusion
The shift in concern from ransomware to sophisticated cyber fraud, including vishing and smishing, indicates a maturation of common attack techniques leveraged against personnel. Addressing this requires a strategic, societal focus involving cross-sector collaboration rather than technical countermeasures alone. The acceleration driven by AI further compounds the urgency to establish organizational and international resilience frameworks.