{"id":3304,"date":"2025-10-20T22:57:38","date_gmt":"2025-10-20T22:57:38","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/10\/20\/ai-driven-social-engineering-top-cyber-threat-for-2026-isaca-survey-reveals\/"},"modified":"2025-10-20T22:57:38","modified_gmt":"2025-10-20T22:57:38","slug":"ai-driven-social-engineering-top-cyber-threat-for-2026-isaca-survey-reveals","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/10\/20\/ai-driven-social-engineering-top-cyber-threat-for-2026-isaca-survey-reveals\/","title":{"rendered":"AI-Driven Social Engineering Top Cyber Threat for 2026, ISACA Survey Reveals"},"content":{"rendered":"
\n
\n

AI-driven social engineering is set to be one of the most significant cyber threats in 2026, a new ISACA report revealed.<\/p>\n

The 2026 ISACA Tech Trends and Priorities<\/em> report, published on October 20, 2025, found that this type of AI threat is seen as a major challenge by 63% of the 3000 IT and cybersecurity professionals surveyed.<\/p>\n

This is the first time AI driven social engineering has topped the ISACA report\u2019s findings, surpassing long-standing threats such as ransomware and extortion attacks (cited among the top threats for 2026 by 54% of respondents) and supply chain attacks (mentioned by 35% of those surveyed).<\/p>\n

The report found that IT and cybersecurity professionals widely recognize AI as both bringing new opportunities they need to get onboard with as well as new threats they are not prepared to face.<\/p>\n

A minority of organizations (13%) said they feel \u201cvery prepared\u201d to manage generative AI risks, half said they feel \u201csomewhat prepared\u201d and 25% \u201cnot very prepared\u201d for this task.<\/p>\n

\u201cMost IT and cybersecurity professionals are still developing governance, policies and training, leaving critical gaps,\u201d the ISACA report reads.<\/p>\n

A majority acknowledged the need to invest further in AI in the future, with two-thirds (62%) of respondents identifying AI and machine learning as top technology priorities for 2026.\u00a0<\/p>\n

US AI Regulatory Environment, A \u201cCompliance Nightmare\u201d<\/strong><\/h2>\n

Regulations, especially AI safety and security regulations, are seen by many respondents as primarily helping them closing this preparedness gap, Karen Heslop, ISACA\u2019s VP of content development, said during a press briefing at the ISACA Europe conference on October 16.<\/p>\n

She emphasized that the EU is the one that \u201cleads the way in technology compliance,\u201d including in cybersecurity and AI security.<\/p>\n

Heslop welcomed the EU\u2019s AI Act in principle, saying it could bring AI compliance clarity for companies operating in the EU.<\/p>\n<\/p><\/div>\n

\"Credit:
Credit: RaffMaster \/ Shutterstock.com<\/figcaption><\/figure>\n
\n

On the other hand, she described the situation in the US, where several individual states are working on AI safety and security laws in the absence of federal legislation, as \u201ca compliance nightmare.\u201d<\/p>\n

\u201cSay I\u2019m a small company that operates across 12 US states. I could end up having 12 sets of laws to comply with in a single country. That’s very prohibitive,\u201d she added.<\/p>\n

Chris Dimitriadis, ISACA\u2019s chief global strategy officer, noted that while the jury is still out on the impact of AI regulation, the EU AI Act can provide \u201ca good test.\u201d<\/p>\n

\u201cNo regulation is perfect. Strict regulations may impact the economy. while the total lack of regulation may introduce risks that eventually will not help the adoption of AI because the customer trust may be impacted negatively,\u201d he explained.<\/p>\n

\u201cEverybody’s waiting to see how this new EU AI act is going to perform in practice, because having a regulation is one thing, having it implemented is another and what a company does internally in order to protect its reputation and to ensure customer trust is yet another,\u201d he added.<\/p>\n

The ISACA survey found that 66% IT and cybersecurity professionals rate regulatory compliance as \u201cvery important,\u201d and that 32% say regulatory complexity and global compliance risks will keep them up at night in 2026.<\/p>\n

Need For a \u201cStronger Army\u201d of Cyber Talents<\/strong><\/h2>\n

Another major concern raised by ISACA survey\u2019s respondents is the growing talent shortage, with only 18% considering they have a strong talent pipeline.<\/p>\n

Dimitriadis spoke of the need to \u201ccreate a stronger army\u201d to defend digital ecosystems, increased resilience and help countries to adapt to innovative technologies in a safer manner.<\/p>\n

However, many IT and cybersecurity professionals seem to see this objective as a tall order. While 39% said they will be hiring for more digital trust roles in 2026 than they did in 2025, 44% anticipate difficulty filling them with qualified candidates.<\/p>\n

ISACA\u2019s Recommendations to Prepare for 2026<\/strong><\/h2>\n

The ISACA report concluded with five key takeaways from the pulse poll findings that inform how organizations can prepare for the coming year:<\/p>\n

    \n
  1. Establish robust AI governance and risk frameworks<\/li>\n
  2. Accelerate workforce upskilling and talent pipeline development and invest in continuous learning, certifications and internal mobility<\/li>\n
  3. Modernize legacy systems and infrastructure to reduce vulnerabilities and improve agility<\/li>\n
  4. Strengthen cyber resilience and business continuity planning by developing and regularly testing incident response plans, ransomware recovery strategies and cross-functional crisis management protocols<\/li>\n
  5. Prepare for regulatory complexity and international compliance requirements, by monitoring regulatory changes, engaging with expert communities and investing in compliance tools and frameworks<\/li>\n<\/ol>\n

    The 2026 ISACA Tech Trends and Priorities<\/em> report is the result of a survey conducted between August 22 to 4 September 4, 2025 with 2966 ISACA members and non-member certification holders in digital trust fields such as cybersecurity, IT audit, governance, risk and compliance.<\/p>\n

    Read now: Closing the Cybersecurity Skills Gap: A New Perspective on Career Paths<\/em><\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

    AI-driven social engineering is set to be one of the most significant cyber threats in 2026, a new ISACA report revealed. The 2026 ISACA Tech Trends and Priorities report, published on October 20, 2025, found that this type of AI threat is seen as a major challenge by 63% of the 3000 IT and cybersecurity<\/p>\n","protected":false},"author":2,"featured_media":3305,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3304-b402f3fe-90ea-4832-a9ff-02df9dc4d71d-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3304"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3304\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3305"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3304"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}