Oceania tech leaders face AI risks, regulation & workforce gaps in 2026

Technology and security leaders in Oceania are identifying artificial intelligence, ransomware, and regulatory complexities as the major challenges facing the sector in 2026, according to research conducted by ISACA.

The findings, based on the ISACA 2026 Tech Trends & Priorities Pulse Poll, reveal the evolving priorities of digital trust professionals in Australia and across Oceania, providing insights into industry concerns ranging from AI risks to business continuity.

AI-led threats

According to the survey, 67% of respondents from Oceania report that AI-driven cyber threats and deepfakes are their main sources of concern for the coming year. Separately, 45% cite irreparable harm from undetected or unaddressed breaches as a major worry, and 41% are focused on supply chain vulnerabilities. Issues like cloud misconfigurations, unmanaged shadow IT (38%), and regulatory complexity (36%) are also recorded as notable sources of pressure for technology professionals in the region.

The poll reached digital trust professionals spanning cybersecurity, IT audit, governance, risk, and compliance roles, aiming to capture a comprehensive understanding of leading technology priorities and upcoming risks for 2026.

AI adoption and preparedness

Generative AI and large language models (64%), artificial intelligence and machine learning (60%), data privacy and sovereignty (34%), and supply chain risk (34%) are the top technology trends identified by the survey as likely to shape organisations in the region in the coming year. This reflects global trends, yet the poll suggests that Oceania is seeing a more focused adoption of AI.

Despite this strong focus, only 8% of Australian organisations say they are very prepared for managing AI risks, including governance and training, while a further 59% describe their level of preparation as only somewhat adequate. Notably, 30% of respondents believe their organisations are not very prepared or not prepared at all for these risks.

Jo Stewart-Rattray, ISACA Oceania Ambassador, said organisations in Oceania are making progress in AI adoption, but the gap between innovation and governance is widening. "With only eight percent saying they feel very prepared for generative AI risks, there's an urgent need to balance experimentation and usage with robust oversight."

Survey participants identified AI-driven social engineering (60%), ransomware and extortion (46%), and attacks on the supply chain (36%) as the most critical cybersecurity threats for 2026.

Organisational focus areas

Looking to operational priorities, regulatory compliance was selected by respondents as a primary area of focus (58%), followed by business continuity and resilience (52%), and cloud migration and security (48%). Most tech professionals surveyed believe that increased regulation will be beneficial over the coming years, with 50% agreeing that it will support business growth and 73% expecting it to promote digital trust. However, one in four said their organisation has no plans to adopt governance, risk and compliance (GRC) tools in 2026.

Workforce demand and trust challenges

Pressure to keep pace with rapid AI development, increasingly sophisticated threats, and the challenges associated with hiring and retaining skilled staff were listed as the main professional concerns by respondents for 2026.

A third of Australian organisations surveyed (33%) plan to recruit for digital trust positions, such as audit, risk, and cybersecurity, but reported that filling these roles with qualified personnel is expected to be difficult. Meanwhile, 40% of organisations currently have no hiring plans for these roles. Among those that do intend to hire in 2026, 37% said they will increase hiring compared to 2025, 19% will reduce hiring, and 44% remain unsure of their plans.

When asked what change would most benefit their organisation's digital trust posture, 23% of respondents cited more investment in risk management for emerging technologies, followed by a proactive risk culture (17%) and modernising legacy systems (16%).

Jamie Norton, Vice Chair, ISACA Board said the findings show just how stretched Oceania's security and risk teams have become. "They're dealing with constant AI-driven threats, tighter regulation and growing expectations from executives, all while struggling to find and keep the right people," said Mr Norton. "It's a perfect storm that demands stronger leadership focus on capability, wellbeing and risk management. At the same time, it's encouraging to see many organisations recognise these gaps and start building long-term resilience through better governance, smarter investment and workforce development."

Recommendations for 2026

ISACA has outlined five recommended actions for organisations in Oceania to build digital trust and resilience in the year ahead. These include establishing robust AI governance and risk frameworks, accelerating workforce upskilling and development, modernising legacy systems and infrastructure, strengthening business continuity and cyber resilience planning, and preparing for regulatory complexity and new compliance requirements.

ISACA has also advised leaders to move beyond reactive compliance and adopt proactive governance approaches, embedding considerations of AI ethics, risk, and security at all levels of decision-making.