Amid an increasingly volatile and fast-moving technology landscape, 2026 will be a challenging year for technology leaders, many of whom will have artificial intelligence top of mind as both a leading priority and point of concern, according to new ISACA research.
AI and generative tech may be transformational for organizations, but they also introduce new risks and require robust governance – one of many dynamics explored in ISACA’s 2026 Tech Trends and Priorities Global Pulse Poll, which surveyed 2,963 professionals in digital trust fields such as cybersecurity, IT audit, governance, risk and compliance.
Sixty-two percent of respondents identified AI and machine learning as top technology priorities for 2026, with predictive analytics, automation and content/code generation leading the ways it is being used. But preparedness gaps for AI risks persist: only a minority of organization feel “very prepared” (13%) to manage generative AI risks; most are still developing governance, policies, and training, leaving critical gaps.
“In traditional information security, maintenance typically involves system patching, addressing end-user needs and implementing system enhancements,” wrote John Pouey in a recent ISACA Now blog post. “In the context of AI systems, maintenance takes on an additional dimension due to the system’s capacity to evolve and learn. While a governance framework is essential to keep AI within established guardrails, algorithms must be regularly verified, performance metrics should be defined, established, and monitored, and data sets need to be verified.”
In addition to managing AI-related risk, respondents to the Pulse Poll rate managing regulatory compliance and business continuity as major focus areas for 2026, reflecting the pressure to meet new standards and withstand disruptions. Two in three respondents (66%) rate regulatory compliance as “very important,” and 62% say the same about business continuity and resilience.
When asked what will keep them up at night in 2026, 32% say regulatory complexity and global compliance risks, with fewer than 1 in 5 feeling “fully ready” for new regulations such as NIS2 (18%), DORA (18%) and the EU AI Act (11%).
On the security front, less than half of respondents (44%) are extremely or very confident their organization could successfully navigate a ransomware attack, while AI-driven social engineering (63%) and ransomware/extortion attacks (54%) are viewed as the most significant cyber threats facing organizations in 2026.