AI‑driven phishing, deepfakes and identity theft eclipse ransomware as CEOs’ top cyber concern; experts urge vigilance as consumer fraud losses climb
Generative AI will be the dominant accelerant of cybercrime in 2026, fueling a surge in fraud, impersonation, and social‑engineering attacks that outpace traditional ransomware risks, according to new findings referenced in the latest assessments by the World Economic Forum (WEF). The shift represents a decisive change in executive priorities: what was once primarily a ransomware conversation has become a broader, more complex fight against AI‑enabled deception.
The WEF’s research shows the scale of exposure is already acute. Nearly three‑quarters (73%) of CEOs, or someone in their close professional or personal network, were affected by cyber‑enabled fraud in 2025. Attackers’ preferred tools are evolving fast: 62% of executives reported seeing phishing, vishing (voice phishing) or smishing (SMS phishing) campaigns; 37% encountered invoice or payment fraud; and 32% experienced identity theft. The through line in these incidents is the growing use of genAI to write fluent, context‑aware lures, mimic voices, and generate hyper‑realistic deepfakes that can defeat traditional warning signs.
“Recent developments in generative AI are lowering the barriers to executing all kinds of attacks while making them far more credible.” — Konstantin Levinzon, Co‑founder, Planet VPN
Consumers are feeling the pressure, too. Identity theft has become the most feared digital threat among users, with 68% citing it as their top concern, followed by stolen credit card data (61%). That anxiety is driven by hard losses: U.S. consumers alone reported $12.5 billion in fraud in 2024, a 25% year‑over‑year increase, underscoring the steep upward curve in successful scams.
“Generative AI lowers technical barriers and increases the sophistication of scams,” said Konstantin Levinzon, co‑founder of Planet VPN. “Criminal networks can now translate and localize attacks instantly, target new populations, and deploy hyper‑realistic deepfakes. We’re seeing an industrialization of fraud at global scale.”
The risks are not distributed evenly. The WEF flags rising digital safety threats to women and children, including impersonation and synthetic image abuse, as deepfake generation tools become more accessible and convincing. In parallel, attackers are expanding into non‑English markets with AI‑assisted localization, eroding the historical friction that protected certain demographics and geographies from mass‑targeted scams.
Compounding the threat landscape is a persistent cybersecurity talent shortage. Depending on the region, one‑third to as many as 70% of organizations report gaps in skilled defenders and advanced expertise. While AI can partially close this deficit by automating detection, triage, and investigation, experts warn that poorly governed AI may introduce new risks from misconfigurations and biased decisions to adversarial manipulation of AI models themselves.
Against this backdrop, the playbook for both enterprises and individuals is shifting from reactive cleanup to proactive resilience. For organizations, that means continuous security awareness training, multi‑factor authentication (MFA) everywhere, strong email and voice fraud controls, and explicit policies for verifying payments and executive requests in the era of voice and video deepfakes. It also requires model governance and red‑team testing for any AI deployed in customer journeys or internal operations.
For consumers, fundamentals still matter most: unique passwords, password managers, MFA, cautious handling of unexpected links and QR codes, and the use of VPNs on untrusted networks. “Well‑informed employees and users are less likely to fall for scams,” Levinzon said. “Security hygiene practiced daily is the most reliable buffer while institutions modernize their defenses.”
The bottom line for 2026: AI is a force multiplier for attackers and defenders alike. Those who pair education, governance, and verification‑first processes with AI‑augmented defenses will be best positioned to keep pace with a threat landscape that’s evolving at machine speed.