PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage

PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage American Corporations Upping Spend on AI and Technology Chris Riotta (@chrisriotta) • April 13, 2026     Credit Eligible Get Permission Image: OliviaCraft/Shutterstock Cybersecurity now ranks among the most significant business risks shaping corporate strategy, even as many companies acknowledge they lack the capability to respond effectively - particularly amid a turbulent policy environment, executives told PwC. See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready? Companies largely respond to risks and disruption from a defensive posture, despite the majority of survey respondents telling the consultancy they feel ahead of their competitors in areas including operational efficiency and supply-chain resilience. PwC surveyed more than 600 American executives in March to look for C-suite trends. Companies have adapted to a faster and more unpredictable operating environment following the first 15 months of President Donald Trump’s second term, executives told researchers (see: Trump Rewrites Cybersecurity Policy in Executive Order ). "60% of companies look at cybersecurity as one of their top three risks, but only 6% of those companies actually are able to say that they feel capable to be able to address those risks," said Morgan Adamski, a former executive director at U.S. Cyber Command who now serves as a principal at PwC. He spoke Wednesday during a media briefing ahead of the report’s release. "What that says to me is that, while people care about it, they very much recognize that there are a lot of things that they don't quite know how to deal with in terms of challenges, things that they should prioritize [and] how they should tackle the threats." The survey showed 38% of executives said they have increased technology and artificial intelligence investments since January 2025, making a larger technology spend the most commonly cited action in the report, alongside broader operational and risk adjustments. 68% percent of executives said cyberattacks pose a moderate or serious risk to their companies. Another 56% said cybersecurity and technology disruption has significantly driven strategic business changes over the previous six months. The consultancy warned that many companies are taking the same actions against the same pressures, which can hinder competition since those moves stop creating business advantages and instead become new baseline expectations. Adamski said attackers still rely on many of the same underlying vulnerabilities, but AI is changing the pace of exploitation. "AI is increasing the scope, the scale and the speed in which adversaries are being able to exploit weaknesses in our networks," she said. Defenders are struggling to integrate the technology quickly enough to keep up. That tension is echoed in the report, with PwC finding that 81% of executives believe they are still at least a year away from seeing meaningful returns from AI beyond gains in efficiency. Federal policy has gone through abrupt shifts since the January 2025 inauguration of the second Trump administration, forcing companies to adjust cyber strategies in real time. The White House has rolled back elements of prior federal cyber and AI guidance while advancing new directives that narrow some compliance expectations but leave questions around long-term standards, enforcement and public-private coordination. Executives are planning for that uncertainty to persist, with 69% of respondents saying a complex regulatory environment poses a moderate or serious risk to their business. PwC found that, for most companies, the result is a market where cyber risks are widely understood, heavily funded - and yetstill unevenly managed.