Arcati 2026 | Security, Risk, and Resilience

Security and risk management remain central to how organizations operate and evolve their mainframe environments. In the 2026 Arcati Mainframe User Survey, respondents describe security as an embedded operational discipline that shapes priorities, tooling, and governance over time.

The data reflect managed risk rather than instability. Security is treated as continuous stewardship aligned with the mainframe’s role in supporting sensitive, high-impact workloads.

Security Priorities Reflect Targeted Focus

Respondents were asked to identify the security capabilities that represent the highest priorities within their mainframe environments.

Responses cluster around protection of core workloads, access control, monitoring, and governance. Organizations are not attempting to treat every possible threat equally. Instead, priorities reflect structured risk assessment tied to business continuity and regulatory obligations. This suggests security investment is focused and deliberate.

From Priority to Practice: Security Tools in Active Use

The data show broad deployment of security controls across access management, monitoring, governance, and protection. Many organizations report using multiple categories of tools, indicating layered approaches rather than reliance on a single mechanism. Surprisingly, only 20% use MFA, 22% use Privileged Access Management, and 23% use SIEM/security monitoring integration. 

Security in these environments may be operationalized through daily system management, but there is room for improvement.

Incident Trends Suggest Stability

To understand whether security concerns translate into operational disruption, respondents were asked about changes in cybersecurity incidents that affected business-critical mainframe workloads over the past 12–24 months.

The responses indicate relative stability rather than escalation, with more than 60% citing no change or a decline in incidents. While it reveals that security actively managed, the survey provides no evidence of widespread increases in events affecting core mainframe systems. This reinforces a consistent pattern: the mainframe continues to operate within defined risk parameters even as the surrounding environment becomes more complex.

Concern Is Broad but Not Alarmist

Respondents were also asked how worried their organizations are about specific risk categories.

Across most categories, the dominant response is “somewhat worried” rather than “very worried.” Higher-intensity concern clusters around ecosystem-driven risks, including third-party exposure, regulatory compliance, ransomware, and supply chain vulnerabilities.

Concerns intrinsic to the mainframe itself, including unplanned downtime or legacy vulnerabilities, are rated at lower intensity by comparison. This distribution suggests awareness without acute alarm. Risk attention is concentrated at integration boundaries and external dependencies rather than at the core platform.

Security as a Stabilizing Influence

Across the 2026 data, security does not appear as a catalyst for platform exit or rapid architectural upheaval. Instead, it functions as a stabilizing force. Security considerations reinforce incremental modernization, disciplined change management, and continued reliance on the mainframe for high-impact workloads.

Protection and continuity are treated as foundational. Modernization occurs within that framework, not outside it.

The next section examines how economic considerations and long-term planning shape mainframe investment decisions.

                    From Our Report Sponsor