U.S. Firms Shift Cybersecurity Focus to Enterprise Risk

Enterprises in the U.S. are embedding cybersecurity into enterprise risk management and executive decision-making as AI adoption, expanding digital environments and a complex regulatory environment reshape business priorities, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm.

The 2026 ISG Provider Lens® Cybersecurity — Services and Solutions report for the U.S. finds that cybersecurity is increasingly evaluated as a business-critical capability tied to resilience, financial exposure and executive accountability rather than a standalone IT function. Enterprises are adapting to expanding hybrid and multicloud environments, integration of operational technology and rising use of generative and agentic AI by replacing fragmented security approaches with integrated architectures that provide greater visibility, adaptive protection and coordinated risk management.

“Cybersecurity has become a business discipline as much as a technology practice,” said Doug Saylors, partner and head of ISG Cybersecurity, Cloud and Infrastructure. “Organizations are aligning security investments with defense and risk reduction to strengthen long-term competitiveness.”

U.S. enterprises are replacing broad collections of security controls with risk-based programs that focus on material business exposure and measurable outcomes. Organizations increasingly use risk quantification, attack path analysis and scenario modeling to prioritize investments and communicate cyber risk to executive leadership. Boards expect clearer insight into security posture, leading companies to establish stronger accountability, defined decision rights and consistent reporting across security, IT, legal and business functions.

The rapid expansion of AI is reshaping cybersecurity from two directions. Enterprises are introducing protections for AI models, data pipelines and autonomous agents while also using AI to improve threat analysis, incident triage and security operations. Multiple AI tools require a wide range of tools to secure AI operations. Companies are adopting runtime safeguards, prompt inspection and identity-aware controls to improve visibility across AI environments and support transparent, auditable security practices as AI becomes more deeply embedded.

Business continuity and recovery readiness are increasingly central to cybersecurity strategies in U.S. organizations. Rather than measuring success solely by preventing attacks, enterprises are expanding crisis coordination to reduce operational disruption when incidents occur. Executive tabletop exercises and structured response planning have become more common as companies prepare for complex cyber events while addressing changing regulatory requirements and financial exposure, ISG says.

“The most effective cybersecurity programs no longer measure success by the number of controls they deploy,” said Yash Jethani, ISG principal analyst and lead author of the report. “Service providers are helping enterprises align security with business priorities by integrating risk analysis, AI safeguards and operational readiness into cohesive programs.”

The report also explores other trends in cybersecurity services and solutions, including growing efforts to simplify complex security environments through platform consolidation and the growing awareness of early-stage risks from physical AI and cyber-physical convergence.

For more insights into the cybersecurity challenges faced by enterprises in the U.S., along with ISG’s advice for addressing them, see the ISG Provider Lens Focal Points briefing here.

The report evaluates 80 providers across seven quadrants: Strategic Security Services (Large Accounts), Strategic Security Services (Midmarket), Technical Security Services (Large Accounts), Technical Security Services (Midmarket), Next-Gen SOC/MDR Services (Large Accounts), Next-Gen SOC/MDR Services (Midmarket) and Post-Quantum Encryption Consulting.

The report names Accenture, Capgemini, Deloitte, EY, IBM and PwC as Leaders in four quadrants each. It names CyberProof, HCLTech, Infosys, KPMG, Kudelski Security, LTM, Microland, Mphasis, NTT DATA, Persistent Systems, Rackspace Technology, TCS, Unisys and Wipro as Leaders in three quadrants each. LevelBlue and Tech Mahindra are named as Leaders in two quadrants each. Booz Allen Hamilton, Critical Start, Cyderes, Guidehouse, Hitachi Digital Services, Leidos, MITRE Corporation and NCC Group are named as Leaders in one quadrant each.

In addition, Kyndryl and Zensar Technologies are recognized as Rising Stars — companies with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants each. Cognizant, DXC Technology, General Dynamics IT, Hitachi Digital Services, Kroll, Optiv, SandboxAQ and Wavestone are recognized as Rising Stars in one quadrant each.

In the area of customer experience, EY is named the global ISG CX Star Performer for 2026 among cybersecurity service and solution providers. EY earned the highest customer satisfaction scores in ISG’s Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

Customized versions of the report are available from Cyberproof and Microland.

The 2026 ISG Provider Lens Cybersecurity — Services and Solutions report for the U.S. is available to subscribers or for one-time purchase on this webpage.

About ISG

ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world’s top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data and research, in-depth knowledge and governance of provider ecosystems, and the expertise of its 1,500 professionals worldwide working together to help clients maximize the value of their technology investments.

Media gallery