The report, based on views from 4,517 human resources and risk professionals across 26 markets and 12 industries, places inadequate cyber threat literacy at the top of the global risk list. Technology skills shortages, including cyber and artificial intelligence capabilities, rank third, showing how quickly digital ambition is colliding with the limits of organisational preparedness.
Marsh’s findings mark a shift in the way companies are being forced to define cyber resilience. The issue is no longer confined to firewalls, insurance cover and incident response teams. It now rests heavily on whether employees can recognise phishing, handle sensitive data, use AI tools safely and understand how everyday behaviour can expose an enterprise to financial, operational and reputational damage.
The survey says technology disruption is driving the most pressing people risks in 2026. Cyber threat literacy, AI adoption barriers and shortages of cyber and AI skills sit alongside leadership, culture, health, financial stress and labour-market constraints. HR and risk leaders were aligned on eight of the top 10 concerns, suggesting that workforce risk has moved from a specialist HR discussion to a board-level resilience issue.
The scale of exposure has grown as cyberattacks become faster, more automated and harder for non-specialists to detect. Generative AI has lowered the cost of producing convincing phishing messages, fake identities, deepfake audio and fraudulent documents. Companies are also deploying AI tools across customer service, finance, software development, marketing and operations, often before governance frameworks, employee training and data controls are fully mature.
Marsh’s separate cyber investment research reinforces the same pressure points. A global survey of more than 2,200 cyber risk leaders found that nearly three-quarters of organisations expressed high confidence in their cyber risk management strategies, yet many still faced supply-chain weaknesses and persistent ransomware concerns. Around two-thirds planned to raise cybersecurity spending in 2026, with technology, incident preparation and talent acquisition among their main priorities.
The spending surge does not remove the workforce challenge. Cybersecurity teams remain under pressure from alert fatigue, stretched budgets and difficulty recruiting people with practical experience in cloud security, identity management, incident response and AI governance. Skills shortages are becoming more specific: employers need not only more cyber staff, but workers who understand how AI changes threat detection, fraud prevention and data protection.
The findings carry particular weight for financial services, healthcare, energy, transport and public-sector organisations, where cyber incidents can quickly spread beyond internal systems. Third-party service providers, software vendors and cloud platforms have become critical points of dependency. A single weak supplier can expose multiple clients, making employee awareness and vendor governance central to business continuity.
Marsh also links successful people-risk management to commercial outcomes. Forty per cent of respondents said better management of people risks had improved workforce productivity and efficiency, while 36 per cent reported faster progress on strategic priorities such as AI adoption. That finding points to a broader argument: companies that train employees, redesign roles and strengthen governance may gain a competitive advantage rather than merely avoid losses.
Regulators and company boards are paying closer attention to AI-related cyber exposure. Supervisors in major markets are pressing financial institutions to prove that they understand how frontier AI tools can accelerate vulnerability discovery, social engineering and fraud. Boards are also facing tougher questions over whether directors and senior executives have enough technical literacy to oversee cyber and AI risks effectively.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
