As we celebrate Cybersecurity Awareness Month across the globe throughout October, we reflect on the excitement and challenges that organizations faced in 2025. As technology continues to advance and geopolitical factors come into play, it is a good time to reassess our approaches to risk, governance and compliance to better prepare for future developments.
ISACA’s 2026 Tech Trends and Priorities Global Pulse Poll, which surveyed more than 2,963 professionals in digital trust fields such as cybersecurity, IT audit, governance, risk and compliance, helps us to take stock, highlighting anticipated top trends for digital trust practitioners heading into 2026.
Respondents to the Pulse Poll are seeing more complex issues and significant cyber threats that organizations are ill-equipped to handle, most significantly AI-driven social engineering at 63%, ransomware and extorsion attacks at 54%, followed by insider threats (intentional accidental) at 35%. The findings highlight critical program gaps that stem from a reactive security culture that doesn’t prioritize threat modeling and focuses primarily on incident management. It also shows programs that are built to check the box for compliance, versus having a strategy to protect its crown jewels. Developing a more proactive compliance/risk culture (17%) is the top digital trust priority respondents listed, just ahead of modernizing legacy systems and infrastructure (14%).
Leaders are expecting to be kept up at night in 2026 due to AI-driven cyber threats and deepfakes (59%), failure to detect/respond to a breach causing irreparable harm (36%), and incident threats and human error (35%). It is alarming that 24% of those surveyed have no plans to hire additional roles such as audit, risk, and cybersecurity. Organizations need to develop a culture of frontline defense, invest in the right talent and continue to upskill the workforce. Doing so provides a competitive advantage to move faster, respond to emerging threats and thrive.
We also cannot ignore the ever-evolving regulatory landscape that continues to reshape how we approach cybersecurity and digital trust. Organizations are preparing for stricter requirements, heightened accountability and broader risk oversight, yet one 1 in 5 European respondents feel “fully ready” for major regional regulations such as NIS2, DORA and the EU AI Act. These regulations are not just legal mandates; preparing for these changes means aligning governance models with regulatory expectations. They are setting the tone for evolving business operations and client expectations.
Organizations must take advantage of innovative technology priorities in 2026, including AI and machine learning – 62% of respondents identified AI and machine learning as top technology priorities for 2026. If this has not already become a strategic priority for the C-Suite or Board, employees at all levels are now requesting it. The use of AI will require not only robust governance and risk frameworks to manage AI risk, but it will also require strong data practices. AI models are only as smart as their training data. Poor data can lead to poor decisions and trust erosion. When securing systems, integrating or building AI, and making strategic decisions investment in data is key.
Cybersecurity Awareness Month serves as a timely reminder that the landscape has become more volatile and requires a more adaptive, forward-looking strategy, and that digital trust is a strategic imperative. The findings from ISACA’s 2026 Tech Trends and Priorities Pulse Poll highlights the critical need for us to embrace a culture of resilience, innovation and preparedness. Investment shifts us from reacting to problems to driving growth proactively.
