In a landscape increasingly dominated by technological advancements, cybersecurity has established itself as one of the foremost business risks influencing corporate strategies. Despite widespread acknowledgment of the importance of these issues, many companies have recognized their inadequacies in responding effectively, particularly in light of a volatile policy environment. This insight was shared by executives during discussions with PwC, a global consultancy firm.

The prominent consultancy conducted a survey involving over 600 American executives in March, aimed at uncovering trends within the C-suite regarding operational resilience and risk management. Interestingly, while a majority of respondents reported that they feel ahead of competitors on issues related to operational efficiency and supply-chain resilience, their approach to risk management often appears reactionary rather than proactive. This defensive posture indicates a significant concern among executives regarding their organizations’ abilities to navigate emerging threats.

Since the initial 15 months of President Donald Trump’s second term, companies have made noticeable adjustments to respond to a faster and more unpredictable operating environment. Their adaptations reflect the shifting dynamics that have emerged within the business sphere. A stark statistic from the report highlights that 60% of companies regard cybersecurity as one of their top three risks; however, only 6% feel confident in their competence to address these risks effectively. Morgan Adamski, a former executive director at U.S. Cyber Command and now a principal at PwC, emphasized the crucial gap between awareness and actionable capability during a media briefing. “What that says to me is that, while people care about it, they very much recognize that there are a lot of things that they don’t quite know how to deal with in terms of challenges,” Adamski explained.

According to the report, a significant 38% of executives noted an uptick in technology and artificial intelligence investments since January 2025. This increase in spending represents the most commonly cited action taken by companies, closely accompanied by broader operational strategies and risk adjustments. Alarmingly, 68% of these executives acknowledged that cyberattacks pose a moderate to serious risk to their organizations. Furthermore, 56% of respondents indicated that cybersecurity and technology disruptions had substantially driven strategic business changes within the last six months.

However, PwC’s assessment raises concerns over the consequences of collective actions taken by companies in light of similar pressures. When organizations take analogous steps in response to overlapping threats, they risk diminishing their competitive edge, subsequently creating baseline expectations rather than fostering distinctive advantages in the marketplace. Adamski pointed out that while attackers frequently exploit the same vulnerabilities, the integration of AI into the fray has changed the scale, scope, and speed of these attacks, amplifying existing challenges for corporate defenders.

“AI is increasing the scope, the scale, and the speed in which adversaries are being able to exploit weaknesses in our networks,” Adamski stated, noting that defenders are struggling to incorporate these technologies swiftly enough to keep pace with emerging threats. This predicament resonates with findings in the report, where 81% of executives expressed a belief that they remain at least a year away from realizing meaningful returns from AI investments, beyond mere efficiency improvements.

Amid these challenges, the federal policy landscape has experienced dramatic shifts since the inauguration of the second Trump administration in January 2025. Companies are now faced with the daunting task of recalibrating their cybersecurity strategies in real-time. The Biden era’s regulatory frameworks have been rolled back, resulting in a plethora of new directives that complicate compliance expectations, leading to an atmosphere of uncertainty about long-term standards and public-private partnerships.

As executives look to the future, planning for such uncertainties is paramount, with 69% of respondents identifying a complex regulatory environment as posing a moderate or severe risk to their business operations. PwC’s findings underscore the unsettling reality that while cyber risks are widely recognized and extensively funded, the management of these threats remains inconsistent across sectors. This disconnect highlights the growing need for companies to adopt more robust strategies in navigating the complex digital landscape and safeguarding their interests effectively.