Tech and infrastructure transformation risks: PwC

This series explores how taking a portfolio-wide approach can help organizations align transformation efforts, reduce risk, and drive meaningful outcomes across business, tech, and controls.

When it comes to tech, managing transformation risk is more than just upgrading while avoiding outages. It’s your opportunity to find value through improved processes, enhanced technologies, and enabling your business.

In our May 2025 PwC Pulse Survey, 81% of CIOs, CTOs and other tech leaders told us they’re prioritizing future-proofing technology architectures. When you’re leading transformations, you need to think of the bigger picture. How are you defining the future state technology required to enable and sustain new business models? How are you addressing the risks that come with these initiatives? Are you evaluating delivery, support, and technical dependencies across your portfolio?

Don’t just blindly update your systems so they stay supported—tech transformations are where strategy and implementation can meet. The infrastructure you build can enable new business models, new workloads, and new success. How you design your architecture—how flexible, scalable, and reliable it is—determines how much value you’ll get out of it.

Before you dive into a major tech transformation, here’s what you should ask.

“Inadequate or brittle systems create integration bottlenecks and downtime, preventing scalable, compliant, future-ready operations.”

Sarah Best,Principal, Digital Assurance & Transparency, PwC US

What are the most pressing tech and infrastructure transformation risks today?

Technology and infrastructure are key enablers in most modern transformations. But the risks and challenges you face in any specific transformation can vary—adopting a new cloud platform for HR, for instance, has a very different risk profile than introducing automation into your financial planning forecasts.

Despite these different dependencies, we can piece together a broad framework to help understand some of the most common tech and infrastructure risks. You’ll often find the main hurdles come from not fully understanding your objectives—the why behind your strategies.

It’s good to leave behind a legacy, but legacy technology is better left in the past. Outdated tools and architectures can lead to system incompatibilities, project delays, and costly budget overruns, not to mention cyber risks and security vulnerabilities. Even if they seem reliable to you now, working with outdated tech won’t enable your future business.

Example: Mainframe technologies that are primarily record-oriented are tied to the platform’s native capabilities. Yes, switching to a more modern data lake solution that can handle structured and unstructured data will require a full data migration, including cleansing and validation, but that beats depending on older, outdated platforms that limit integration and functionality, decrease efficiency, and reduce your ability to deliver results.

You’re going to need room to grow. Underestimating demand can lead to your systems failing under an unexpectedly heavy load. Likewise, without reliable redundancies in place, single points of failure can lead to widespread outages.

Example: A retailer migrating to cloud infrastructure who underestimates peak holiday traffic may very likely experience timeouts and failed transactions. And in keeping a solitary database, a single disc corruption can cause an outage of all dependent services like checkout, order tracking, and inventory display.

Sometimes it really is just a matter of money. Transformations often exceed budgets due to scope creep or underestimation. And with limited resources, you may find your programs competing with each other for staff or financing. Some benefits may also be delayed or hard to quantify, resulting in unclear ROI.

Example: Stakeholders requesting added applications or advanced analytics midway through a project can mean extra development time, new integrations, or specialized skill sets—none of which were in your original budget.

You depend on others. Whether it’s for cloud services, security monitoring, product tracking and delivery, or anything else, your success depends on doing business with others—and third-party failures can impact your core operations. Relying too heavily on a single vendor can limit flexibility. And keep in mind that other organizations might not meet the same security standards you set for yourself.

Example: A shipping company you use for sourcing and delivery may not keep up to date with their own security for regulatory compliance. A shutdown for them can back up your own business with upstream or downstream delays.

Sometimes you trip yourself up. When the pace of innovation speeds faster, it’s easy to rush and make mistakes. But it’s also possible to focus so heavily on one thing that you miss another. Over-prioritizing innovation means you may neglect current operations or alienate core customers. And rapid technological changes can lead to a buildup of unsustainable shortcuts, accruing technical debt.

Example: Launching an AI-driven inventory system can be a great way to speed up your processes. But if you skip rigorous testing in your push to innovate, you may encounter inopportune system outages—which can erase any promised efficiency gains, create delays and stock inaccuracies, erode trust, and incur technical debt with quick-fix patches.

What can I do to help reduce tech and infrastructure transformation risks right now?

The No. 1 thing you can do to help reduce tech and infrastructure risks is to clearly set alignment goals early. Don’t start until you have a reliable transformation plan in place. This way, you’ll have a chance to help prevent issues before they have an opportunity to grow.

Here are a few things you can do to preempt and mitigate the different types of common risks.

If you can reach alignment beforehand, you may be able to avoid this issue entirely. But if you already have old tech in need of replacing, take a full inventory of what’s obsolete so you can build out a sound replacement strategy. Consider also what technology may become obsolete in the near-term, like an ERP that’s approaching the end of its life cycle. Prioritize modular, interoperable architectures and consider multi-cloud or hybrid approaches.

Do a retroactive look at your system load. You’ll want to analyze whether spikes and troughs in your usage are predictable. Can you set up rules to automatically accommodate your needed compute? You may be periodically overpaying or undersupplying your actual needs. Forecast growth scenarios to understand your evolving business needs and as an input into your solution. After analyzing the past, consider where your company’s headed. Based on what you think you need, define KPIs that are responsive to those needs—whether that’s based on response time, uptime, number of users, ability to integrate with other technologies, or something custom to your environment.

Having measurable KPIs—especially when calculating value added—is essential to weighing risk and reward accurately. Get your transformation team together and ask, “What does good look like?” Establish clear business cases and measurable KPIs up front, and stage-gate investments to create regular check-in points. Monitor your transformation’s progress with a FinOps framework.

You’re not operating alone—but neither are your risks. Shared accountability can become a vulnerability if your vendor missteps. Make sure your transformation program considers multiple options for evaluating vendor selection, emphasizing not just cost but flexibility and clear risk ownership. Set a vendor management office to assess and document where vendor responsibilities end and yours begin—and monitor your vendor’s performance.

Also consider recovery time and point objectives (RTO and RPO) in deciding if and when backup vendor strategy might help. Build relationships with more than one provider when you can, and think through alternative safeguards—like detailed service-level agreements—when that’s not an option. Up-front due diligence and ongoing contingency planning can help keep your momentum from stalling.

Transformations built for the future still need to run today’s business. Find the balance. Modern DevOps or agile delivery frameworks can help you test and iterate without taking critical systems offline. Create guardrails that let you innovate without compromising core performance. Stability doesn’t mean slowing down. It means scaling what works, sustainably.

Where can I get help?

Trusted assessments can help you contextualize your transformation efforts within broader market pressures, competitor moves, and economic headwinds, offering an external view that helps reduce exposure and preserves transformation value.

At PwC, we use our transformation risk insights framework in pre-implementation assessments to identify critical risk points and interdependencies across verticals and stakeholders early, so you can course-correct before they escalate. These milestone assessments provide timely, high-impact recommendations that enable smarter decisions, protect value, and reduce the cost of compliance by reducing rework.