Supply chain and AI security in the spotlight for cyber leaders in 2026 - IT Pro

(Image credit: Getty Images) Share Copy link Facebook X Linkedin Bluesky Share this article Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter AI is accelerating security risks at unprecedented speed, the World Economic Forum (WEF) has warned, with almost all CEOs seeing it as the biggest force shaping cybersecurity this year. According to the WEF's 2026 Global Cybersecurity Outlook report, AI-related vulnerabilities rose faster than any other category in 2025, with 87% of respondents reporting an increase. Just over one-third of respondents revealed they'd experienced data leaks linked to generative AI while 29% said their biggest worry was the ever-increasing capabilities of attackers using the technology. Make Password Security Your New Year's Resolution Get 50% off Keeper Personal and Family plans, and 30% off Keeper Business Starter today! View Deal "The weaponization of AI, persistent geopolitical friction and systemic supply chain risks are upending traditional cyber defenses," said Paolo Dal Cin, global lead, Accenture Cybersecurity. "For C-suite leaders, the imperative is clear; they must pivot from traditional cyber protection to cyber defence powered by advanced and agentic AI to be resilient against AI-driven threat actors." All told, 94% of leaders said they expect AI to be the most consequential force shaping cybersecurity in 2026 as adoption rates continue surging across a range of industries. "With the vast increase in AI adoption, companies are facing new technical vulnerabilities as well as having to deal with growing governance and compliance challenges, such as data leakage and model misuse, to accountability, oversight and regulatory readiness," commented Chris Newton-Smith, CEO of IO. Supply chain security in the spotlight The report also highlighted the continuing vulnerability of supply chains. Among large companies, 65% cited third-party and supply chain risks as their main cyber resilience problem, marking an increase from 54% who identified this area as a key issue last year. The risk of concentration is a key factor in rising concerns, the report found, with incidents at major cloud and internet service providers demonstrating how infrastructure-level failures can trigger widespread downstream impacts. Rob Demain, CEO of e2e-assure, said vendor concentration is an issue that could leave enterprises at huge risk of downtime or vulnerable to attacks, urging leaders to consider a broader approach. "Even organizations with strong internal security can be exposed through software providers, managed services or operational technology partners operating in different jurisdictions,” he said. “This is particularly relevant in the UK, where complex supply chains support everything from public services to manufacturing and energy.” What are the top supply chain risks? The survey found that inheritance risk – the inability to assure the integrity of third-party software, hardware and services – was the top supply chain risk, followed by visibility. Even when strong internal controls are in place, the weakest link is often a supplier or partner. The report noted these are often smaller suppliers that lack the resources or incentives to implement robust security measures. While two-thirds of organizations evaluate the security maturity of their suppliers, with a similar number involving the security function in procurement processes, more advanced resilience measures are thin on the ground. Just 27% simulate cyber incidents or conduct recovery exercises, and only a third comprehensively map their supply chain ecosystems to gain a deeper understanding of cyberthreat exposure and interdependencies. This, researchers suggested, indicates that supply chain risk management is often treated as a compliance checklist rather than as a dynamic, continuous process. "Cyber resilience is becoming an ecosystem challenge, not an organisational one,” Demain commented. “Continuous monitoring and shared visibility across third-party environments are now essential to understanding where real risk sits and responding before disruption cascades." FOLLOW US ON SOCIAL MEDIA Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews. You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky. TOPICS Emma Woollacott Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles. Latest AutoCAD Users may have a ransomware problem – here's what they can do Google Workspace just got a huge Gemini update You might also like CrowdStrike says AI is officially supercharging cyber attacks: Average breakout times hit just 29 minutes in 2025, 65% faster than in 2024 – and some attacks take just seconds Using AI to generate passwords is a terrible idea, experts warn Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company responded Harnessing AI to secure the future of identity ‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technology Ransomware gangs are using employee monitoring software as a springboard for cyber attacks Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affected News Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected. CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do that VIEW MORE ▸