Cyber risk dominates
30% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern.
Cyber risk is now the number one threat concern of USA-based executives. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputation and spread across supply chains with lasting impact.
Our tracking of USA-based executives shows strong concern about cyber risk, but also high confidence in existing resilience measures. Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker, smarter and far harder to detect or contain. As a result, cyber threats are escalating across economies, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one off exercise. Organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
The data shows cyber risk emerging as the most persistent concern over time, rising sharply from 2024 to this year. Disruption risk is more volatile, peaking in 2025 before falling back. Technology obsolescence and IP risk fluctuate over time, suggesting shifting priorities as organisations rebalance innovation, protection and resilience goals.
The resilience data shows a clear and sustained strengthening across all cyber and tech risk areas. This year a high percentage of respondents report they feel prepared to deal with disruption, cyber, IP and obsolescence risks, this is a significant change from preparedness sentiment seen in 2024.
USA-based executives are prioritising proactive resilience measures, with investment in new technologies such as AI and improved cyber security topping their agenda. Risk management and loss prevention remain central, with a lower percentage showing interest in insurance with crisis support.
Source: Beazley Risk & Resilience surveys.
This year cyber risk is a bigger concern to small firms than to larger organisations, while larger firms are showing greater concern around technology obsolescence. Disruption risk is of less concern to both sizes of firm, and IP risk concerns are similar, suggesting shared exposure as digital dependence deepens regardless of organisational size.
In 2026, executive confidence in the USA is high across all cyber and tech risks, with resilience levels above 79% for both small and large organisations. Small firms report particularly strong preparedness for cyber risk, potentially overestimating their true resilience, while large organisations feel most confident about managing IP risk.
Small and large USA-based organisations perceive cyber attack impacts differently. Large firms are more concerned about long-term disruption and third-party liability, reflecting complex supply chains and contractual exposure. Smaller firms place greater emphasis on data loss and reputational damage, highlighting sensitivity to regulatory consequences and brand trust.
Cyber risk concerns and preparedness in the USA vary markedly by sector. Public Sector and Tech, Media & Telecoms report the highest level of cyber risk concern, yet preparedness remains relatively strong. Financial Institutions and Professional Services show the widest confidence gap, combining high concern with very high perceived preparedness, while Construction perception of resilience lags behind other sectors, despite its moderate ranking of risk exposure.
Planned resilience actions vary significantly by sector. Public Sector and Education lead investment across cyber security, risk management and AI, reflecting elevated exposure. Energy, Utilities and TMT also prioritise technology and cyber controls, while Healthcare and Life Science show a notable difference in planned investment in resilience, signalling potential underinvestment despite rising digital and cyber risk.