New research from CSC’s CISO Outlook 2026 report has found that social media impersonation and defamation have emerged as the top cybersecurity threat for 2026 and beyond, followed by domain and DNS hijacking, DDoS attacks and cybersquatting. This marks a significant rise from last year, when social media impersonation and defamation ranked fifth.

The report also found that employee and executive impersonation, including deepfakes, has now entered the top five biggest areas of risk for CISOs and senior technology leaders for the first time. This suggests identity-based attacks are moving higher up the cybersecurity agenda, as criminals increasingly look to exploit trusted people and brands to deceive both employees and customers.

AI is also continuing to complicate the threat landscape, making impersonation, domain abuse and third-party risk harder to manage. According to the report, 86% of respondents now see AI-powered domain generation algorithms as a threat. And yet, CISO optimism around AI remains high. The report found that 73% of respondents say AI is more of an opportunity than a risk for cybersecurity, while only 16% see it as equally an opportunity and a risk.

Despite this optimism, supplier and partner AI use remains a major concern. In fact, 79% are concerned that suppliers’ and partners’ AI tool use poses a cybersecurity risk to their organisation. However, only 15% apply their organisation’s risk controls to all suppliers, while 70% apply risk controls only to key suppliers.

“As cybercriminals continue to leverage AI in new ways to launch targeted and widespread attacks, including those that specifically exploit domains, CISO strategies for domain risk need to evolve to keep pace with the increasing complexity of these threats,” states Ihab Shraim, chief technology officer of CSC’s Digital Brand Services. “In 2026, CISOs and security leaders must prioritise securing fundamental digital building blocks for their enterprises, like DNS, which are now considered critical infrastructure but have often been overlooked. Agentic AI could further accelerate this risk by enabling bad actors to automate reconnaissance, impersonation, and domain-based attacks at scale, making proactive domain security and monitoring more urgent for enterprises.”

Additional key findings include:

●        The majority of respondents, 72%, say the level of cybersecurity threats faced by their organisation in 2025 was either “critical” or “very critical.”

●        Looking ahead, 75% expect slightly more incidents this year, while 14% expect a significant increase. None of the respondents expects fewer incidents than in 2025.

●        Only 14% of respondents said they are “very confident” in their company’s ability to mitigate domain attacks.

●        57% use AI-based monitoring and enforcement solutions, up from 50% last year.

●        44% use AI-based solutions for threat detection and fraud prevention, up from 36% last year.

To learn more about CISOs’ top concerns and priorities for 2026, visit [LINK] to download the full CISO Outlook 2026 report. For more information on how CSC supports CISOs and security teams with domain security and management, visit https://www.cscdbs.com/.

For more cybersecurity news, click here