CISOs are facing a preparedness gap

When PwC’s 2025 Digital Trust Insights survey asked more than 4,000 business and tech leaders which cyber threats they found the most concerning, five rose to the top of the rankings. The ones cited—cloud-related threats, hack-and-leak operations, third-party breaches, attacks on connected products, and ransomware attacks—pose well-known risks and won’t come as a surprise to many chief information security officers. What may be less expected is the fact that those are the same threats that survey respondents said their company is the least prepared for. 

Given rapid advances in AI, and the expanding adoption of connected devices and cloud technologies, the pressure to close that preparedness gap is more intense than ever. CISOs need to conduct their own assessment of the specific risks that imperil the business the most, and then strengthen response capabilities accordingly. 

But they can’t do this alone. Security leaders need to work with their chief information officers and chief technology officers to assess how certain threats can disrupt infrastructure security. And, with the help of the risk team, CISOs should familiarise themselves with the risks and translate the business impact to the CEO, the board, and, most critically, the CFO so that investment priorities can match cyber-risk-management priorities.

Many will face an uphill battle: fewer than half of survey respondents said their company involves the CISO in strategic planning on cyber investment, regular meetings with the board, and oversight on tech and infrastructure deployments.

But the survey also points to the potential for progress: 57% of respondents said their company positions cybersecurity as a competitive advantage for customer trust. Nearly half said the same for brand integrity and loyalty. Those findings suggest that cybersecurity is evolving as both a key market differentiator and a critical business priority. The central challenge ahead for CISOs will be getting the financial, technological and organisational resources directed to where they’re needed most.