DIGITAL LIFE

ISACA: how to prepare for AI risks in 2026

AI-powered social engineering is considered the most significant cyber threat organizations will face in 2026, according to the new Tech Trends & Priorities Pulse 2026 survey conducted by ISACA, an organization focused on governance, audit, security, and risk management in information technology (IT).

Sixty-three percent of 2,963 professionals in digital trust areas such as cybersecurity, IT audit, governance, risk, and compliance, who shared their technology priorities, challenges, and opportunities, and what they believe will keep them awake in the coming year, cited this threat as the number one threat.

Next to this were ransomware and extortion attacks (54%), insider threats—intentional or accidental (35%), legacy system vulnerabilities (28%), and supply chain attacks (25%). According to the report, more than half (59%) of digital trust professionals expect AI-driven cyberthreats and deepfakes to keep them awake most of the night next year.

Other responses included thoughts about irreparable damage caused by a failure to detect/respond to a breach (36%) and insider threats and human error (35%).

For 41% of respondents, keeping up with the pace of change driven by artificial intelligence is their biggest professional concern in 2026, followed by the increasing complexity of threats (27%) and talent retention and hiring (23%).

AI and machine learning (62%) and generative AI and large language models (LLMs) (59%) also dominate the top technology trends or priorities that respondents predict will impact their work in the coming year. Cloud security (40%) and privacy and data sovereignty (30%) were also cited.

Despite the dominance of artificial intelligence, many survey participants do not feel ready to face it. Only 13% indicated that their organization is very prepared to manage the risks associated with generative AI solutions starting next January.

Furthermore, half reported that their organizations are relatively prepared, and 30% that they are not very prepared or not at all.

"While it may seem daunting at times, it is crucial to approach AI not just as a challenge, but as an opportunity to harness its potential for positive impact," said Pablo Ballarin, founder of Balusian SL and member of ISACA's Emerging Trends Working Group, in a statement.

He noted that by enhancing "expertise and strategies, digital trust professionals can strengthen resilience, maintain the integrity of digital systems, and promote trust across all digital platforms."

Another finding from the survey is that 32% of respondents admitted they expect regulatory complexity and global compliance risks to keep them up at night in 2026.

Still, the majority see cybersecurity-related regulation as having a positive impact: 62% believe it will drive business growth and 78% believe it will promote digital trust in the coming years.

They also cited regulatory compliance (66%) as the top focus area for their organizations in 2026, followed by business continuity and resilience (62%) and AI-related risk management (48%).

Regarding how they plan to manage their workforce, 62% said their organization will hire for digital trust roles, such as audit, risk, and cybersecurity, in the coming year. However, 44% expect to have difficulty filling these roles with qualified candidates, and 24% reported no hiring plans.

Measures to Prepare for 2026:

In the survey, ISACA also listed five recommendations for companies for 2026. They are:

1- Establish robust AI governance and risk frameworks.

2- Accelerate workforce upskilling and talent pipeline development, and invest in continuous learning, certifications, and internal mobility.

3- Modernize legacy systems and infrastructure to reduce vulnerabilities and improve agility.

4- Strengthen cyber resilience and business continuity planning by regularly developing and testing incident response plans, ransomware recovery strategies, and multi-functional crisis management protocols.

5- Prepare for regulatory complexity and international compliance requirements; monitor regulatory changes; engage with expert communities; and invest in compliance tools and frameworks.

mundophone