Supply chain and AI security in the spotlight for cyber leaders in 2026

Organizations are sharpening their focus on supply chain security and shoring up AI systems


AI is accelerating security risks at unprecedented speed, the World Economic Forum (WEF) has warned, with almost all CEOs seeing it as the biggest force shaping cybersecurity this year.

According to the WEF's 2026 Global Cybersecurity Outlook report, AI-related vulnerabilities rose faster than any other category in 2025, with 87% of respondents reporting an increase.

Just over one-third of respondents revealed they'd experienced data leaks linked to generative AI, while 29% said their biggest worry was the ever-increasing capabilities of attackers using the technology.


"The weaponization of AI, persistent geopolitical friction and systemic supply chain risks are upending traditional cyber defenses," said Paolo Dal Cin, global lead, Accenture Cybersecurity.

"For C-suite leaders, the imperative is clear; they must pivot from traditional cyber protection to cyber defence powered by advanced and agentic AI to be resilient against AI-driven threat actors."

All told, 94% of leaders said they expect AI to be the most consequential force shaping cybersecurity in 2026 as adoption rates continue surging across a range of industries.

"With the vast increase in AI adoption, companies are facing new technical vulnerabilities as well as having to deal with growing governance and compliance challenges, such as data leakage and model misuse, to accountability, oversight and regulatory readiness," commented Chris Newton-Smith, CEO of IO.

Supply chain security in the spotlight

The report also highlighted the continuing vulnerability of supply chains. Among large companies, 65% cited third-party and supply chain risks as their main cyber resilience problem, marking an increase from 54% who identified this area as a key issue last year.

The risk of concentration is a key factor in rising concerns, the report found, with incidents at major cloud and internet service providers demonstrating how infrastructure-level failures can trigger widespread downstream impacts.

Rob Demain, CEO of e2e-assure, said vendor concentration is an issue that could leave enterprises at huge risk of downtime or vulnerable to attacks, urging leaders to consider a broader approach.

"Even organizations with strong internal security can be exposed through software providers, managed services or operational technology partners operating in different jurisdictions," he said.

"This is particularly relevant in the UK, where complex supply chains support everything from public services to manufacturing and energy."

What are the top supply chain risks?

The survey found that inheritance risk – the inability to assure the integrity of third-party software, hardware and services – was the top supply chain risk, followed by visibility.

Even when strong internal controls are in place, the weakest link is often a supplier or partner. The report noted these are often smaller suppliers that lack the resources or incentives to implement robust security measures.

While two-thirds of organizations evaluate the security maturity of their suppliers, with a similar number involving the security function in procurement processes, more advanced resilience measures are thin on the ground.

Just 27% simulate cyber incidents or conduct recovery exercises, and only a third comprehensively map their supply chain ecosystems to gain a deeper understanding of cyberthreat exposure and interdependencies.

This, researchers suggested, indicates that supply chain risk management is often treated as a compliance checklist rather than as a dynamic, continuous process.

"Cyber resilience is becoming an ecosystem challenge, not an organisational one," Demain commented.

"Continuous monitoring and shared visibility across third-party environments are now essential to understanding where real risk sits and responding before disruption cascades."


Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.