Middle Market AI Adoption Outpaces Cybersecurity Governance, RSM Report Finds

  • RSM's 2026 Cybersecurity Special Report reveals that 96% of middle market executives express confidence in cybersecurity, even though 24% experienced ransomware attacks and 18% experienced data breaches in the past year.
  • Only 35% of middle market companies use formal AI governance frameworks, with most relying on inconsistent controls like staff training (51%) and data governance policies (46%).
  • Cybersecurity budget authority is shifting, with 43% managed by CTOs, 37% by CFOs, and 34% by CISOs, reflecting integration into broader financial and technology decision-making.
  • 81% of respondents plan to increase cybersecurity spending in 2026, down from 91% in 2025, indicating economic pressure is tempering investment growth.

Middle market companies are rapidly adopting AI without proportionate investment in governance and cybersecurity frameworks, creating a significant risk gap. This trend is exacerbated by threat actors leveraging AI to scale attacks, highlighting the need for structured oversight to secure AI-enabled platforms. The shift in cybersecurity budget authority to CTOs and CFOs underscores the integration of cybersecurity into broader business transformation initiatives, but also introduces potential competing priorities.

Governance Dynamics
How the widening gap between AI adoption and governance maturity will impact middle market companies' exposure to cyber threats.
Identity Risk
Whether middle market firms can mature identity controls before AI expands the attack surface and drives higher costs.
Investment Trends
The pace at which economic pressure will continue to slow cybersecurity investment growth despite intensifying threats.