How tech companies can adapt to face evolving cybersecurity threats

As technology evolves, so do threats to it—a reality that businesses in the tech industry contend with daily. Cybersecurity awareness is critical, and firms should ensure they have a cybersecurity solution or plan that “evolves with developing or emerging technologies,” says Justin Krieger, a technology, media and telecommunications co-leader and senior analyst at RSM Canada.

This situation is particularly pressing when it comes to the development and use of artificial intelligence by tech companies. “Every tech company right now is finding a way to become more operationally efficient. To do so, they're probably leveraging, or thinking of leveraging, some sort of AI, either through their own development or through an open-source third party,” Krieger says.

But therein lies a cybersecurity threat: Just like companies can use the latest AI to their benefit, hackers can use it to look for vulnerabilities.

“As much as you're investing in AI and new, evolving technologies and investing in your business, you need to invest in things that are going to protect your business,” Krieger says.

That investment poses a challenge of its own. For tech companies in the early to midmarket stages of their business and those in full-on growth mode, Krieger notes that the information technology budget allocated to cybersecurity is “certainly lower than it should be.”

“It's expensive to care about cybersecurity,” he says. “These earlier-stage companies are not thinking about it as much as they probably should be.

“You can't protect everything, and you need to be a little bit reasonable,” he adds. “But if you need the platform for your business to grow, then do you really have a choice at the end of the day?”

A holistic approach

While there are no absolute guarantees with any cybersecurity strategy, Krieger recommends that tech companies work with risk consulting professionals to properly assess where the most serious risks lie. This is particularly important for companies building their own tech platforms or leveraging open-source third-party AI as part of their operations.

“Ultimately, you still need to invest in cybersecurity. And if you’re not investing in it, you’re kind of opening a door to a bad actor,” he says.

Seeing how similar businesses are approaching cybersecurity is another key element of the due diligence process, Krieger adds. Doing that research independently or in tandem with a risk consulting team can inform a company’s decision around both proactive and reactive preparation against cyberthreats.

Cybersecurity data from the Q1 2025 RSM US Middle Market Business Index survey gives tech companies “a very holistic view of what to consider” when it comes to their own practices, Krieger says. “It gives you a baseline of, ‘Hey, what are other people doing? What are my peers telling me?’”

He adds: “These stats are important because you're comparing yourself against your peers—and it's really important to do that sometimes in business.”