Canadian CISO agenda
Explore findings from our 2025 Global Digital Trust Insights
Cyber risk is the top risk identified by the respondents to our 2025 Global Digital Trust Insights survey, outpacing both digital and technology risk and inflation. However, most organizations are unprepared and behind in implementing cyber resilience across all the measures we asked about in the survey.
As in previous years, we continue to see a significant disconnect in collaboration and transparency between security executives (CISOs) and the rest of the C-suite. Many CISOs aren’t involved in organization-wide strategic planning and investment discussions about key technology initiatives that impact cyber resilience. In addition, there are gaps between CEOs’ and CISOs’ assessments of their organization’s cyber future-readiness, defined in terms of ability to understand changing cyber threats, respond to incidents quickly and comply with cyber regulations.
Here we’ve highlighted four key areas of opportunity for Canadian CISOs from our survey findings.
Our annual Global Digital Trust Insights survey is the longest-running and largest cybersecurity survey of its kind. This year, it reflects the views of 4,042 business and tech executives from 77 countries and a range of industries and organization sizes.
As the cybersecurity landscape evolves, many organizations are struggling with increasingly volatile and unpredictable threats. Organizations’ attack surfaces are expanding, spurred by growing reliance on cloud, artificial intelligence (AI), connected devices and third parties.
However, the top cyber threats identified by global respondents are the ones they feel least prepared to address. This gap highlights the urgent need for better investments and stronger response capabilities. In the face of a more sophisticated threat landscape, a threat-informed cyber investment strategy is essential.
There’s an opportunity for CISOs to evaluate which threats jeopardize their business the most and communicate this to the rest of the C-suite. Organizations must prioritize investments to mitigate the most pressing cyber risks and assess where people, process and defence capabilities can be most strategically deployed.
The top cyber threats global respondents find most concerning are the ones organizations feel least prepared to address: cloud-related threats, hack-and-leak operations, third-party breaches, attacks on connected products and ransomware.
Given the increasing sophistication of attackers and shifting tactics, techniques and procedures, including those related to AI such as deepfakes, when it comes to cyberattacks, it’s not a question of if but when. This means cybersecurity shouldn’t be just about prevention and detection—it must also be focused on recovery.
The fact that only 2% of companies have fully implemented cyber resilience actions across their organization suggests the great majority of companies could be unprepared to respond to and contain a cyberattack. To close the resilience gap, organizations need to shift from reactive to proactive cybersecurity strategies. This includes better risk anticipation, more strategic budget allocation and a commitment to continuous improvement.
CISOs must be at the table for these conversations. It’s up to them to make the business case to the rest of the C-suite for why they should participate in all the decisions involved in their organization’s cyber resilience strategy, including those related to addressing technical debt and redundancies.
Only 2% of global respondents have implemented cyber resilience actions across their organization in all areas surveyed
With 77% of executives expecting their organization’s cyber budget to increase in the next year, it’s clear cybersecurity is a business priority. As such, it’s quickly becoming a key competitive differentiator and a way to maintain stakeholder trust and brand integrity.
The top cyber investment priority in the next year for business executives is data protection and trust, and the top investment for tech executives is cloud security. As cyber threats escalate, a strong cybersecurity posture isn’t just about protection. It’s also about building a reputation on which customers and stakeholders can rely.
CISOs have an important role to play in translating the business case for data protection and cloud security investment priorities to chief financial officers (CFOs) based on the value of key outcomes. An important example is reducing the time to recover mission-critical data.
48% of business executives globally are prioritizing data protection and trust as the top cyber investment in the next year
34% of tech executives globally are prioritizing cloud security as the top cyber investment in the next year
Regulatory frameworks are asking companies to swiftly comply with a growing array of complex requirements. The surge of new regulations globally underscores the urgent need for organizations to align their practices to these heightened expectations.
Cyber regulations are driving positive change, with 96% of global respondents saying they’ve increased their investment in cybersecurity due to regulation over the last 12 months. However, CEOs are much less confident than CISOs in their organization’s ability to comply with regulations, especially those related to AI and resilience.
To increase confidence and help elevate compliance to a strategic imperative, CISOs must deliver frequent data-backed reporting to other executive leaders on the state of regulations that directly impact their organization. There’s also an opportunity to establish a trusted cyber risk quantification system to make informed decisions and prioritize strategic investments.
96% of global respondents say their organization’s cybersecurity investment has increased due to cybersecurity regulations over the last 12 months