Cyber risk doesn’t usually change overnight. What does change is how leaders experience it, and which consequences feel hardest to absorb at a given moment.
That shift is clear in the latest signals coming from senior leadership circles. The World Economic Forum’s Global Cybersecurity Outlook 2026 shows that cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026. For many business leaders, fraud now feels like the most immediate and damaging threat they face.
At first glance, that suggests a turning point in the threat landscape.
Yet the operational picture tells a more complicated story. Data from Check Point Research shows that cyber attacks remain relentless. In December 2025 alone, the average was 2,027 attacks per organisation per week. There was also a 60 per cent increase in publicly reported ransomware attacks compared to December 2024.
So what’s really happening here?
Why is fraud now dominating executive concern at the same time that ransomware activity continues to rise?
Why Fraud Has Risen to the Top of CEO Cyber Priorities
The TL;DR is that fraud is the cyber risk that feels most personal to leadership teams.
When fraud happens, money leaves the business. Customers are affected. Trust is tested. Regulators may get involved. These outcomes are visible, easy to explain, and difficult to downplay once they surface. For CEOs and boards, fraud rarely feels abstract.
The WEF findings reflect this reality. The report shows that nearly three quarters of respondents said they or someone in their network experienced cyber-enabled fraud in 2025. That’s not a distant risk scenario. It’s lived experience, shared between peers, investors, and board members.
Fraud also maps cleanly to executive accountability. Financial loss prevention, reputational risk, and regulatory exposure all sit squarely at the leadership level. When those areas are threatened, attention follows quickly.
Ransomware can create the same outcomes, but often later. Fraud tends to hit first, and it often hits loudly. That immediacy matters in the boardroom.
The CISO View Tells a Different Story
The WEF report includes a detail that explains much of the tension. While ransomware dropped out of the top three concerns for business leaders, CISOs continue to rank it as their primary worry, followed by supply chain disruption.
This isn’t disagreement. It’s perspective.
CISOs spend their time looking at how attacks unfold. They track initial access, lateral movement, privilege abuse, and dwell time. They see the pathways that turn a small mistake into a large incident. From that vantage point, ransomware is still a persistent and highly reliable threat.
It’s also predictable in the worst way. Ransomware doesn’t need novelty to work. It just needs scale, opportunity, and weak points that are slow to close. Those conditions still exist across many enterprise environments.
So while executives focus on the impact they can see, security leaders focus on the mechanics that create it.
Ransomware Activity Isn’t Slowing Down
Check Point’s December 2025 data makes one thing clear. Ransomware isn’t fading into the background.
Overall cyber attack activity is rising steadily rather than spiking dramatically. In December, attacks increased by 1 per cent month over month and 9 per cent year over year. Those figures may sound small on paper, but they point to a more important reality.
Most enterprises are operating under constant pressure, with little downtime between waves of hostile activity, and ransomware is a key part of that pressure. In December 2025, there were 945 publicly reported ransomware attacks. That number shows attackers are successfully targeting large numbers of organisations.
We should mention that these figures are drawn from victim disclosures posted on double-extortion ransomware sites, and that approach has limits. Not every organisation reports an incident, and some groups manipulate listings to stay visible. Even so, the message is consistent.
Attackers are still finding targets, and they’re still getting paid often enough to keep scaling.
That helps explain why CISOs continue to prioritise ransomware, even as executive concern shifts toward fraud. The threat hasn’t gone away. It’s simply become part of a broader set of monetisation tactics.
Regional And Sector Pressures Highlight Uneven Risk Exposure
Another reason headline rankings can mislead is that cyber risk doesn’t spread evenly.
Check Point’s findings show sharp differences by region. Latin America experienced the largest year-over-year increase in cyber attacks in December 2025, with organisations facing an average of 3,065 attacks per week. That increase outpaced other regions, even where overall volumes were similar.
Sector targeting tells a similar story. Education remained the most targeted industry, followed by government and nonprofits. These sectors often share common challenges. Large user bases. Legacy systems. Limited security resources. Complex identity environments.
For global enterprises, this matters. A regional spike or a vulnerable subsidiary can become the entry point for a wider incident. Averages hide those weak points until something breaks.
This uneven exposure also keeps ransomware firmly on the CISO agenda. It thrives in environments where controls are inconsistent and oversight varies across locations or partners.
AI Is Collapsing the Line Between Fraud And Ransomware
Both the WEF and Check Point data point to the same accelerant: artificial intelligence.
The WEF report describes AI as the dominant factor shaping cybersecurity risk in 2026. It expands the attack surface as organisations embed AI into core processes. It speeds up defensive response when used well. It also allows attackers to operate faster and at greater scale.
Check Point’s data adds practical detail. Enterprise use of generative AI tools is creating new data exposure risks, often outside formal governance. In December, one in every 27 GenAI prompts submitted from enterprise networks posed a high risk of sensitive data leakage. Most organisations were using multiple GenAI tools at the same time.
This is where the line between fraud and ransomware starts to blur.
Fraud becomes easier when attackers can generate convincing phishing content at scale, impersonate executives or suppliers, and tailor messages using leaked internal context.
Ransomware becomes more effective when stolen data increases extortion pressure and AI helps attackers move from access to impact that much faster.
In both cases, AI reduces friction. It doesn’t replace existing attacks. It makes them cheaper, faster, and harder to spot early.
That’s why fraud feels more immediate to executives and ransomware feels more scalable to security teams. They’re reacting to different parts of the same machine.
Why Executive Risk Rankings Can Be Misleading
A “top concern” list answers a narrow question. What feels most dangerous right now?
For CEOs, that question is shaped by accountability. They focus on outcomes they’re responsible for explaining to boards, customers, and regulators.
For CISOs, the question is shaped by exposure. They focus on the threats most likely to compromise systems and disrupt operations.
Problems crop up when organisations treat these rankings as either-or choices. Fraud or ransomware. Impact or mechanics. Board concern or security reality.
That framing creates blind spots. It can push investment toward visible outcomes while leaving the underlying pathways intact. It can also lead teams to assume that a drop in concern means a drop in risk.
The more useful question is simpler. How do these threats overlap in our environment, and where can one control reduce multiple risks?
That’s where practical threat modelling matters. Not as a document, but as a shared way of thinking.
What This Means For Enterprise Security Strategy In 2026
The signal from both reports isn’t to choose between fraud prevention and ransomware resilience. It’s to recognise that they’re connected.
For most enterprises, the same weaknesses enable both. Identity gaps. Excessive access. Poor visibility into data movement. Uncontrolled use of third-party tools.
Strengthening identity controls reduces the chance of fraud and the chance of ransomware spread. Improving data governance limits both extortion leverage and accidental exposure. Clear rules around GenAI use close off an emerging exfiltration path before it becomes normalised.
The strategic shift for 2026 is alignment. Executives and security leaders need a shared view that links impact to pathway. When that link is clear, prioritisation becomes easier and more defensible.
Final Thoughts: Perception And Reality Must Meet In Cyber Risk Leadership
Fraud hasn’t replaced ransomware. And ransomware hasn’t become less dangerous. What’s changed is how leaders experience the impact of cyber risk.
Fraud is what executives see and feel first. Ransomware is still one of the most reliable ways attackers create that damage, often alongside data theft and manipulation.
Treating them as competing priorities misses the point. They’re connected outcomes of the same evolving threat landscape.
The organisations that navigate 2026 well will be the ones that close the gap between boardroom perception and operational reality. That starts with clearer conversations about how attacks actually unfold, and ends with decisions that reduce risk across the whole chain.
EM360Tech will continue to bring those signals together, helping leaders understand not just what’s changing, but why it matters and where to act next.