
Build a threat-informed cyber strategy

As the cybersecurity landscape evolves, many organizations are struggling with increasingly volatile and unpredictable threats. Organizations’ attack surfaces are expanding, spurred by growing reliance on cloud, artificial intelligence (AI), connected devices and third parties.

However, the top cyber threats identified by global respondents are the ones they feel least prepared to address. This gap highlights the urgent need for better investments and stronger response capabilities. In the face of a more sophisticated threat landscape, a threat-informed cyber investment strategy is essential.

There’s an opportunity for CISOs to evaluate which threats jeopardize their business the most and communicate this to the rest of the C-suite. Organizations must prioritize investments to mitigate the most pressing cyber risks and assess where people, process and defence capabilities can be most strategically deployed.

The top cyber threats found most concerning by global respondents are the ones organizations feel least prepared to address: cloud-related threats, hack-and-leak operations, third-party breaches, attacks on connected products and ransomware.

Focus on building cyber resilience

Given the increasing sophistication of attackers and shifting tactics, techniques and procedures, including those related to AI such as deepfakes, a cyberattack is not a question of if but when. This means cybersecurity shouldn’t be just about prevention and detection; it must also be focused on recovery.

The fact that only 2% of companies have fully implemented cyber resilience actions across their organization suggests the great majority of companies could be unprepared to respond to and contain a cyberattack. To close the resilience gap, organizations need to shift from reactive to proactive cybersecurity strategies. This includes better risk anticipation, more strategic budget allocation and a commitment to continuous improvement.

CISOs must be at the table for these conversations. It’s up to them to make the business case to the rest of the C-suite for why they should participate in all the decisions involved in their organization’s cyber resilience strategy, including those related to addressing technical debt and redundancies.

Build trust with your investment in cyber

With 77% of executives expecting their organization’s cyber budget to increase in the next year, it’s clear cybersecurity is a business priority. As such, it’s quickly becoming a key competitive differentiator and a way to maintain stakeholder trust and brand integrity.

The top cyber investment priority in the next year for business executives is data protection and trust, and the top investment for tech executives is cloud security. As cyber threats escalate, a strong cybersecurity posture isn’t just about protection. It’s also about building a reputation on which customers and stakeholders can rely.

CISOs have an important role to play in translating the business case for data protection and cloud security investment priorities to chief financial officers (CFOs) based on the value of key outcomes. An important example is reducing the time to recover mission-critical data.

48% of business executives globally are prioritizing data protection and trust as the top cyber investment in the next year.

Source: PwC 2025 Global Digital Trust Insights

34% of tech executives globally are prioritizing cloud security as the top cyber investment in the next year.

Source: PwC 2025 Global Digital Trust Insights

Stay ahead of regulatory developments

Regulatory frameworks are asking companies to swiftly comply with a growing array of complex requirements. The surge of new regulations globally underscores the urgent need for organizations to align their practices to these heightened expectations.

Cyber regulations are driving positive change, with 96% of global respondents saying they’ve increased their investment in cybersecurity due to regulation over the last 12 months. However, CEOs are much less confident than CISOs in their organization’s ability to comply with regulations, especially those related to AI and resilience.

To increase confidence and help elevate compliance to a strategic imperative, CISOs must deliver frequent data-backed reporting to other executive leaders on the state of regulations that directly impact their organization. There’s also an opportunity to establish a trusted cyber risk quantification system to make informed decisions and prioritize strategic investments.

Contact us

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Joanna Lewis

Partner, Cybersecurity, Privacy and Financial Crime, PwC Canada

Tel: +1 416 687 9139