When technology leaders gathered in London for the ISACA Europe Conference 2025, the atmosphere mixed optimism with unease. The event, a focal point for cybersecurity and governance professionals, saw the launch of ISACA’s 2026 Tech Trends and Priorities Report — research that reveals an industry transforming faster than its ability to secure itself.
The findings point to a growing paradox: artificial intelligence (AI) is both the greatest accelerator of innovation and the fastest-moving source of risk. As ISACA’s Chief Global Strategy Officer, Chris Dimitriadis, told Silicon UK, “AI represents both the greatest opportunity and the greatest threat of our time.”
Listen to the exclusive podcast with Chris Dimitriadis.
AI: The Double-Edged Sword
Over half of Europe’s cybersecurity and IT professionals now say AI-driven attacks — from deepfakes to automated social engineering — will be their biggest concern in 2026. Yet only a small minority feel confident their organisations are ready to handle the challenge.
While most enterprises are eager to explore generative AI for automation, analytics and code generation, the speed of adoption is far outpacing the introduction of governance frameworks. Few organisations have a comprehensive AI policy in place, and even fewer have invested in training staff to identify AI-related risks.
The result is a widening gap between innovation and control. Dimitriadis calls it a “trust deficit” that businesses must urgently close.
“Organisations are embracing AI’s potential but remain underprepared to manage its risks. Bridging that gap will be essential if we’re to maintain trust in technology.”
Policy Gaps and Governance Blind Spots
AI’s meteoric rise inside organisations has exposed a structural weakness: the absence of clear internal rules for its use. Many employees are already turning to generative tools to write code, analyse data, or produce content — often without any official guidance.
That lack of oversight comes with consequences. Cybercriminals are exploiting the same technologies to produce convincing deepfakes and launch highly targeted phishing campaigns. Yet even as awareness grows, investment in defensive tools such as deepfake detection and AI-risk training remains low.
The challenge, says Dimitriadis, is cultural as much as technical.
“Without clear policies or training, employees may use AI in unsafe ways or fail to spot manipulated content. Upskilling and education are as vital as technology itself.”
Training is where many organisations are now focusing their attention. A growing proportion of professionals say they will need to develop their AI knowledge within months to remain relevant in their roles — a signal that digital skills are fast becoming a survival skill.
Regulation Rises to the Top
Beyond the immediate AI threat, regulation has become another major preoccupation for Europe’s digital leaders. New rules such as the EU AI Act, NIS2 and DORA are reshaping how organisations handle cybersecurity, compliance and resilience.
But readiness levels remain low. Fewer than one in five professionals feel fully prepared for the next wave of legislation, with many struggling to interpret overlapping frameworks and enforcement deadlines.
Despite the anxiety, most believe regulation can be a force for good. A large majority of professionals agree that new cybersecurity laws will help build public trust in technology — and more than half believe compliance can actually drive business growth.
Dimitriadis sees this shift in perception as a turning point:
“When regulation is treated as an opportunity to innovate securely rather than a checklist exercise, it becomes a catalyst for resilience and growth.”
Legacy Systems and the Talent Crunch
The report also exposes deep-seated operational challenges. Outdated infrastructure continues to hold organisations back, limiting both agility and security. Modernising legacy systems remains a top priority for digital trust professionals, just behind business continuity and regulatory compliance.
However, even as technology evolves, the human skills needed to manage it are in short supply. Around two-thirds of organisations expect to hire for audit, risk or cybersecurity roles in 2026, but more than half anticipate difficulty finding qualified candidates. Only a fraction report having a strong internal talent pipeline.
Perhaps more concerning is that more than a quarter of organisations have no plans to hire for digital trust roles at all in the year ahead — a disconnect that could prove costly as the threat landscape intensifies.
AI-Driven Threats on the Rise
Traditional threats like ransomware and supply chain breaches continue to dominate, but AI has fundamentally changed the game. Nearly six in ten professionals now see AI-powered social engineering as the most serious emerging cyber threat.
Attackers are using generative tools to craft personalised scams, clone voices and create fabricated video content that can fool both individuals and automated defences. At the same time, only a handful of organisations express high confidence in their ability to recover from a ransomware attack.
The takeaway from ISACA’s research is clear: the speed and sophistication of AI-driven threats are outpacing most organisations’ ability to respond.
Building Resilience for 2026
ISACA’s report outlines five key steps organisations can take to prepare for the year ahead:
- Establish robust AI governance frameworks to manage risk and ensure ethical deployment.
- Accelerate workforce upskilling and build stronger internal talent pipelines.
- Modernise legacy systems to enhance security and agility.
- Strengthen resilience and incident response plans, including ransomware recovery testing.
- Stay ahead of regulatory change through proactive compliance and collaboration with peers and policymakers.
These priorities mark a broader shift from reaction to preparation — and from compliance to confidence.
Trust as the New Differentiator
The London conference made one point unmistakable: the pace of technological change is relentless, but so too is the industry’s determination to meet it with integrity and expertise.
Across Europe, cybersecurity and digital trust professionals are moving beyond the fear of disruption toward a more proactive stance — one that treats resilience, governance and education not as burdens, but as competitive advantages.
As Dimitriadis concluded, “The technology landscape is shifting under our feet. But with the right governance and investment in people, trust will become our greatest innovation.”
