Only 2% of businesses have implemented firm-wide cyber resilience, even as cyber security concerns are top-of-mind and the average data breach exceeds US$3M: PwC 2025 Global Digital Trust Insights

7 October 2024 – Almost four-fifths (77%) of organisations expect their cyber budget to increase over the coming year as organisations cite unpreparedness to an ever-expanding surface of cyber vulnerabilities, according to PwC’s 2025 Global Digital Trust Insights survey, released today.

The survey, which surveyed 4,042 business and tech executives from across 77 countries and territories, finds that only 2% of companies surveyed have implemented cyber resilience across their organisation, even as more than three-fifths (66%) of tech leaders rank cyber as the top risk their organisation is prioritising for mitigation over the next 12 months. This comes as the average cost of a data breach across all respondents is US$3.3M.^[1]

As organisations increasingly operate across digital platforms, two-thirds (67%) note GenAI has increased their attack surface over the last year.

This year’s survey findings highlight that what worries organisations most is what they’re least prepared for. The top four cyber threats found most concerning — cloud-related threats (42%), hack-and-leak operations (38%), third-party breaches (35%) and attacks on connected products (33%) — are the same one's security executives feel least prepared to address.

Anthony Fellowes, Director, PwC Bermuda, said: “PwC’s latest survey emphasizes the critical importance of cyber resilience in today's digital landscape. The survey underscores that safeguarding against emerging risks is a collective effort, spanning from the boardroom to every individual employee. Accountability is key as we navigate evolving threats by embracing new technologies, adhering to foundational cybersecurity principles, and allocating resources to fortify the organization's future.”

Companies look to GenAI to bolster cyber resilience

As companies contend with cyber security concerns, almost four-fifths (78%) of leaders surveyed have ramped up their investment in GenAI over the last 12 months, with 72% increasing their risk management investment in AI governance. This comes as two-thirds (67%) of security leaders note GenAI has expanded the cyber-attack surface over the last year, ahead of other technologies such as cloud technology (66%), connected products (58%), operational technology (54%) and quantum computing (42%). But while leveraging GenAI remains key to cyber resilience strategies, organisations face several challenges when incorporating the technology, notably with existing systems/processes (39%) and a lack of standardised internal policies governing its use (37%).

The cyber security resilience imperative

Despite the clear threats and a lack of preparedness, the survey findings highlight organisations are nevertheless taking action. More than three-quarters (77%) expect their cyber budget to increase over the coming year, with nearly half (48%) of business leaders prioritising data protection and data trust as the top cyber investment over the next year. Tech leaders, on the other hand, note cloud security (34%) remains their top-priority. Almost one-third (30%) of organisations expect cyber budgets to increase by 6-10% next year, while one-fifth (20%) expect budgets to increase by 11% or more.

There is also a clear cyber security imperative. Organisations cite investment in cybersecurity as a key differentiator for competitive advantage, with 57% citing customer trust and 49% citing brand integrity and loyalty as primary drivers for such investment. In the backdrop, cyber regulations are also driving investment – with 96% reporting such regulations to have increased their cyber investment in the last 12 months.

^{[1] Respondents were asked to estimate the cost of their most damaging data breach over the last three years. Respondents selected from a predetermined set of cost bands and the mean cited above was calculated from grouped data. Of those who responded, 16% cited organisational revenue of more than US$10 billion (v. 31% in 2024), 11% between $5-10 billion, 32% between $1-5 billion, 39% with less than $1 billion, and 1% preferred not to disclose.}