One in four companies globally have suffered a data breach that cost them US$1 - 20 million or more in the past three years

Four in five organisations state that a comparable and consistent format for mandatory disclosure of cyber incidents is necessary

Jakarta, 31 October 2022 – One in four companies (27%) globally have suffered a data breach that cost them US$1- 20 million or more in the past three years, according to PwC’s annual Global Digital Trust Insights Survey, which surveys more than 3,500 senior executives across 65 countries. The percentage rises to one in three (34%) for companies surveyed in North America, with only 14% of firms globally reporting that no data breaches have occurred during the period.

Despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas.  This includes, enabling remote and hybrid work (38% say the cyber risk is fully mitigated); accelerated cloud adoption (35%); increased use of internet of things (34%); increased digitisation of supply chain (32%) and back office operations (31%).

For operations-focused executives surveyed, cybersecurity of the supply chain is a major concern.  Nine in ten expressed concern about their organisation’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.

Mandatory disclosure of cyber incidents is favoured

Four in five organisations (79%) surveyed state that a comparable and consistent format for mandatory disclosure of cyber incidents is necessary to gain stakeholder confidence and trust. Three-quarters (76%) agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem.  Further, the same percentage agree that governments should be expected to use the knowledge base from mandatory cyber attack disclosures to develop cyber defence techniques for the private sector.

While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half (42%) of executives surveyed are fully confident their organisation can provide required information about a material/significant incident within the specified reporting period.  There is also a hesitance to share too much information – 70% said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.

Sean Joyce, Global Cybersecurity and Privacy Leader, US Cybersecurity, PwC US said: “Data breaches are a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and boards. Companies are strengthening their cyber defences and regulators are applying pressure to improve cyber resilience and build public trust. It’s clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape  – companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents.

Most organisations are increasing cyber budgets

The majority of executives surveyed said their organisations are continuing to increase their cyber budgets – 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023.  Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning.  According to the survey, a catastrophic cyber attack ranks higher than global recession or another health crisis for organisations’ resilience planning.

Concern with cyber extends to the top of organisations.  Most CEOs surveyed are planning to ramp up action to address cybersecurity in the coming year - 52% said they will drive major initiatives to improve their organisation’s cyber posture.  Many CFOs surveyed are also planning to increase  their cyber focus, including cyber technology solutions (39%), focus on strategy and coordination with engineering/operations (37%) and upskilling and hiring of cyber talent (36%).

It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organisations have experienced due to a cyber breach or data privacy incident over the past 3 years include loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%). 

Sean Joyce concluded: “Despite all the progress that organisations have made in improving their cybersecurity programs, our survey shows there is a lot more to do. There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting..”

Subianto, PwC Indonesia Chief Digital and Technology Officer, added, "Data breaches are a pervasive threat in today’s digital world. Based on the survey, 42% of senior executives say that the threat of cyber breaches of their systems has increased since 2020. Organisations now also believe that threat mostly comes from external threat actors, e.g. cyber criminals and hackers. On the other hand, less than 40% of organisations believe that they have completely mitigated cyber risk.”

“In Indonesia, the new POJK 11 released in 2022 and the newly ratified Personal Data Protection law do not only emphasise the importance of data protection and privacy but also set new requirements for compliance. One of the requirements of the PDP law is the mandatory reporting of personal data breaches. It’s clear from our survey that cybersecurity has become a C-suite agenda and collaboration is needed to address the increasingly complex cyber threat landscape."

Notes to editors

The Global Digital Trust Insights Survey captures the views of senior executives on the challenges and opportunities to improve and transform cybersecurity within their organisation in the next 12-18 months.  The Survey includes 3,522 respondents across 65 countries. Companies with revenues greater than US$1bn make up 52% of those surveyed; 25% have revenues greater than US$5bn.

About PwC Indonesia

PwC Indonesia comprises KAP Tanudiredja, Wibisana, Rintis & Rekan, PT PricewaterhouseCoopers Indonesia Advisory, PT Prima Wahana Caraka, PT PricewaterhouseCoopers Consulting Indonesia, and Melli Darsa & Co., Advocates & Legal Consultants, each of which is a separate legal entity, and all of which together constitute the Indonesian member firm of the PwC global network, which is collectively referred to as PwC Indonesia.

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 328,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2022 PwC. All rights reserved

Contact us

Cika Andy

External Communications, PwC Indonesia

Tel: +62 21 509 92901

Follow PwC Indonesia