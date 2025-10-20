AI-driven social engineering is set to be one of the most significant cyber threats in 2026, a new ISACA report revealed.

The 2026 ISACA Tech Trends and Priorities report, published on October 20, 2025, found that this type of AI threat is seen as a major challenge by 63% of the 3000 IT and cybersecurity professionals surveyed.

This is the first time AI driven social engineering has topped the ISACA report’s findings, surpassing long-standing threats such as ransomware and extortion attacks (cited among the top threats for 2026 by 54% of respondents) and supply chain attacks (mentioned by 35% of those surveyed).

The report found that IT and cybersecurity professionals widely recognize AI as both bringing new opportunities they need to get onboard with as well as new threats they are not prepared to face.

A minority of organizations (13%) said they feel “very prepared” to manage generative AI risks, half said they feel “somewhat prepared” and 25% “not very prepared” for this task.

“Most IT and cybersecurity professionals are still developing governance, policies and training, leaving critical gaps,” the ISACA report reads.

A majority acknowledged the need to invest further in AI in the future, with two-thirds (62%) of respondents identifying AI and machine learning as top technology priorities for 2026.

US AI Regulatory Environment, A “Compliance Nightmare”

Regulations, especially AI safety and security regulations, are seen by many respondents as primarily helping them closing this preparedness gap, Karen Heslop, ISACA’s VP of content development, said during a press briefing at the ISACA Europe conference on October 16.

She emphasized that the EU is the one that “leads the way in technology compliance,” including in cybersecurity and AI security.

Heslop welcomed the EU’s AI Act in principle, saying it could bring AI compliance clarity for companies operating in the EU.