Artificial intelligence, ransomware and regulatory complexity will dominate the agendas of Australia’s technology and security leaders in 2026, according to new research from ISACA.
More than two-thirds (67%) of respondents from Oceania say AI-driven cyber threats and deepfakes will keep them up at night next year, while 45% worry most about irreparable harm caused by failing to detect or respond to a major breach, and 41% fear supply chain vulnerabilities. Cloud misconfigurations and shadow IT (38%) and regulatory complexity (36%) also feature among the top issues expected to challenge Australian tech professionals in the year ahead.
The inaugural ISACA 2026 Tech Trends & Priorities Pulse Poll surveyed digital trust professionals across cybersecurity, IT audit, governance, risk and compliance to uncover their top technology priorities and emerging risks in the coming year.
AI TAKES CENTRE STAGE
The top technology trends expected to shape organisations in Oceania in 2026 include generative AI and large language models (64%), artificial intelligence and machine learning (60%) followed by data privacy and sovereignty (34%) and supply chain risk (34%).
These results mirror global trends but reveal a stronger local focus on AI adoption. Yet only 8% of Australian organisations say they are very prepared to manage AI risks with strong governance and training in place, while 59% are somewhat prepared and 30% not very or not at all prepared.
Jo Stewart-Rattray, ISACA Oceania Ambassador, said organisations in Oceania are making progress in AI adoption, but the gap between innovation and governance is widening. “With only eight percent saying they feel very prepared for generative AI risks, there’s an urgent need to balance experimentation and usage with robust oversight.”
AI is also top of mind when it comes to cybersecurity threats, with respondents in Oceania identifying AI-driven social engineering (60%), ransomware and extortion attacks (46%) and supply chain attacks (36%) as the top threats their organisation will face next year.
For 2026, organisations in Oceania ranked regulatory compliance (58%), business continuity and resilience (52%), and cloud migration and security (48%) as their top focus areas.
When asked about the impact of cyber regulation over the next few years, most tech professionals in Oceania believe it will be a net positive, with half agreeing regulation will drive business growth and 73% believing it will advance digital trust. Yet despite that optimism, one in four (25%) say their organisation has no plans to explore governance, risk and compliance (GRC) tools in 2026.
WORKFORCE PRESSURE AND DIGITAL TRUST GAPS
For many professionals, keeping up with the pace of AI innovation, the complexity of threats and hiring and retaining skilled staff are the top three professional concerns going into 2026, creating constant pressure.
Workforce capability remains one of the sector’s biggest challenges. One in three organisations in Australia (33%) plan to hire for digital trust roles such as audit, risk and cybersecurity in 2026 but expect difficulty filling those roles with qualified candidates. Meanwhile, 40% have no plans to hire for those positions. Among those that do plan to hire in 2026, 37% will expand hiring compared to 2025, 19% will hire fewer, and 44% remain unsure.
When asked what one change would most improve their organisation’s approach to digital trust in 2026, nearly a quarter (23%) of Australian respondents cited increasing investment in emerging technology risk management, followed by developing a proactive compliance and risk culture (17%) and updating or modernising legacy systems and infrastructure (16%).
Jamie Norton, Vice Chair, ISACA Board said the findings show just how stretched Oceania’s security and risk teams have become. “They’re dealing with constant AI-driven threats, tighter regulation and growing expectations from executives, all while struggling to find and keep the right people,” said Mr Norton.
“It’s a perfect storm that demands stronger leadership focus on capability, wellbeing and risk management. At the same time, it’s encouraging to see many organisations recognise these gaps and start building long-term resilience through better governance, smarter investment and workforce development.”
TAKING STEPS TO PREPARE FOR 2026
Based on the findings, ISACA identified five key actions to strengthen digital trust in the coming year:
- Establish robust AI governance and risk frameworks.
- Accelerate workforce upskilling and talent pipeline development and invest in continuous learning, certifications and internal mobility.
- Modernise legacy systems and infrastructure to reduce vulnerabilities and improve agility.
- Strengthen cyber resilience and business continuity planning by developing and regularly testing incident response plans, ransomware recovery strategies, and cross-functional crisis management protocols.
- Prepare for regulatory complexity and international compliance requirements; monitor regulatory changes; engage with expert communities; and invest in compliance tools and frameworks.
ISACA also encourages leaders to move beyond reactive compliance toward proactive governance, embedding AI ethics, risk and security across every layer of decision-making.
