Supply chain and AI security in the spotlight for cyber leaders in 2026
Organizations are sharpening their focus on supply chain security and shoring up AI systems
AI is accelerating security risks at unprecedented speed, the World Economic Forum (WEF) has warned, with almost all CEOs seeing it as the biggest force shaping cybersecurity this year.
According to the WEF's 2026 Global Cybersecurity Outlook report, AI-related vulnerabilities rose faster than any other category in 2025, with 87% of respondents reporting an increase.
Just over one-third of respondents revealed they'd experienced data leaks linked to generative AI, while 29% said their biggest worry was the ever-increasing capabilities of attackers using the technology.
"The weaponization of AI, persistent geopolitical friction and systemic supply chain risks are upending traditional cyber defenses," said Paolo Dal Cin, global lead, Accenture Cybersecurity.
"For C-suite leaders, the imperative is clear; they must pivot from traditional cyber protection to cyber defence powered by advanced and agentic AI to be resilient against AI-driven threat actors."
All told, 94% of leaders said they expect AI to be the most consequential force shaping cybersecurity in 2026 as adoption rates continue surging across a range of industries.
"With the vast increase in AI adoption, companies are facing new technical vulnerabilities as well as having to deal with growing governance and compliance challenges, such as data leakage and model misuse, to accountability, oversight and regulatory readiness," commented Chris Newton-Smith, CEO of IO.
Supply chain security in the spotlight
The report also highlighted the continuing vulnerability of supply chains. Among large companies, 65% cited third-party and supply chain risks as their main cyber resilience problem, marking an increase from 54% who identified this area as a key issue last year.
The risk of concentration is a key factor in rising concerns, the report found, with incidents at major cloud and internet service providers demonstrating how infrastructure-level failures can trigger widespread downstream impacts.
Rob Demain, CEO of e2e-assure, said vendor concentration is an issue that could leave enterprises at huge risk of downtime or vulnerable to attacks, urging leaders to consider a broader approach.
"Even organizations with strong internal security can be exposed through software providers, managed services or operational technology partners operating in different jurisdictions," he said.
"This is particularly relevant in the UK, where complex supply chains support everything from public services to manufacturing and energy."
What are the top supply chain risks?
The survey found that inheritance risk – the inability to assure the integrity of third-party software, hardware and services – was the top supply chain risk, followed by visibility.
Even when strong internal controls are in place, the weakest link is often a supplier or partner. The report noted these are often smaller suppliers that lack the resources or incentives to implement robust security measures.
While two-thirds of organizations evaluate the security maturity of their suppliers, with a similar number involving the security function in procurement processes, more advanced resilience measures are thin on the ground.
Just 27% simulate cyber incidents or conduct recovery exercises, and only a third comprehensively map their supply chain ecosystems to gain a deeper understanding of cyberthreat exposure and interdependencies.
This, researchers suggested, indicates that supply chain risk management is often treated as a compliance checklist rather than as a dynamic, continuous process.
"Cyber resilience is becoming an ecosystem challenge, not an organisational one," Demain commented.
"Continuous monitoring and shared visibility across third-party environments are now essential to understanding where real risk sits and responding before disruption cascades."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

