Cybersecurity risks are not merely a cost center for middle-market firms but represent a significant impediment to technological innovation, a challenge amplified dramatically for those operating in environments of high uncertainty, according to a recent report by PYMNTS.

The analysis, part of the 2025 Certainty Project, surveyed 60 chief financial officers (CFOs) from middle-market firms with annual revenues ranging from $100 million to $1 billion to examine the intersection of cyber risks and operational uncertainty. The findings indicate that while most middle-market firms express some level of concern regarding cybersecurity threats, those grappling with higher uncertainty report considerably stronger concerns and face more acute consequences, including financial losses, operational disruptions and the forced delay or cancellation of crucial tech initiatives.

Firms in high-uncertainty environments, dealing with external factors like fluctuating demand, supply chain disruptions or macroeconomic volatility, often find themselves pressured to prioritize immediate concerns over long-term investments, including innovation. This short-term focus is exacerbated by cybersecurity threats, as failure to address them can lead to direct financial losses that are more expensive than mitigation efforts. Consequently, high-uncertainty firms frequently delay or cancel technology initiatives due to cybersecurity challenges, a decision that could have long-term repercussions on their competitive positioning compared to less uncertain rivals who continue to upgrade technology. The report underscores a pressing need for scalable solutions that help firms manage the uncertainty that cyber threats introduce.

Key data points from the report highlight the disparity faced by firms in high-uncertainty environments:

Significant concern: 88% of high-uncertainty firms report significant concerns about cybersecurity threats, more than double the 42% reported by middle-market firms overall.

Innovation stagnation: 81% of high-uncertainty firms report frequently delaying or canceling innovation or technology initiatives due to cybersecurity risk considerations in the last 12 months.

Pessimistic outlook: 31% of high-uncertainty firms expect cybersecurity risks to worsen in the next 12 months, nearly eight times the 4% rate reported by low-uncertainty firms.

Beyond the impact on innovation and the amplified concerns under uncertainty, the report touches on how CFOs are attempting to counter these threats through various strategies, including AI-driven threat detection, enhanced training, and stricter operational safeguards. It also notes how the differing experiences of firms across the uncertainty spectrum highlight the need for dynamic risk management frameworks.

While most CFOs overall express optimism about cybersecurity risk levels improving in the next year, this sentiment is notably tempered among those in high-uncertainty organizations. The analysis further explores how direct financial losses and mitigation costs pose burdens, particularly for high-uncertainty firms, though lower uncertainty firms may face greater concerns over the loss of customers.



