Building cybersecurity through C-suite collaboration

65%

of companies in CEE plan to increase their cyber budgets
53%

of CEE leaders rank cyber as the top risk their organisation is prioritising for mitigation
Only 2%

of businesses have implemented firm-wide cyber resilience globally

The necessity for stronger digital resilience and cybersecurity is growing against a rapidly-changing European threat landscape. As technology becomes more complex with the artificial intelligence (AI) boom at the forefront, businesses are prioritising strengthening cybersecurity and modernising to be better prepared to face threats. Chief Information Security Officers (CISOs) are also getting more involved in strategic planning.

As the cyber attack surface and AI usage expand and become more sophisticated — and connected devices and cloud technology grow in importance — achieving cyber resilience is more critical than ever. Simultaneously, we also face more physical risks than at any time in the last decade amid a rapidly evolving regulatory landscape.

Peter Durojaiye, Partner, Cybersecurity & Privacy Leader, PwC CEE

CEE findings from the 2025 Global Digital Trust Insights Survey

Boardroom priority and cyber budgets up
Cybersecurity is top-of-mind—yet only 2% of businesses have implemented firm-wide cyber resilience
“Secure AI”—“AI for Security”
Regulatory environment—increased costs but also benefits perceived

Boardroom priority and cyber budgets up

Businesses are planning to increase their cyber budgets next year—in EMEA (73%) and globally (77%). We see a similar, growing trend in CEE—65% of companies in our region also plan to increase their cyber budgets.

There is also a clear cybersecurity imperative. More organisations see cyber as a means to generate competitive advantage. Cybersecurity resilience must be a key priority, not just for tech leaders, but for the business as a whole. Prioritising cybersecurity is essential if businesses are to:

Safeguard their data and systems
Retain trust with their consumers and stakeholders
Mitigate the financial, operational and reputational costs of unpreparedness.

However, there is a disconnect between CISOs and CEOs about their organisations’ readiness, including its ability to comply with cyber regulations, the need for faster incident response times and progress in implementing technology for cyber defence. Less than half of CISOs in CEE are involved to a large extent in strategic planning on cyber investments and in oversight of tech deployments.

“For many years, cybersecurity was often perceived as more of a governance and cost function. However, it is now transforming into a clear business value-add function for the customer. Our clients, particularly in financial services, are demanding stability, operational continuity and robust data protection. This shift elevates cybersecurity to a critical board-level discussion. ”

Marek Chlebicki, PwC Partner and CEE Technology Risk Assurance Leader

Cybersecurity is top-of-mind—yet only 2% of businesses have implemented firm-wide cyber resilience

Cyber risks are top of mind, with 53% of CEE leaders ranking cyber as the top risk their organisation is prioritising for mitigation over the next 12 months (globally: 57%).

As many as 49% of CEE businesses measure the financial impact of cyber risks, while this metric stands at 70% for EMEA, highlighting the need for faster convergence of a quantitative approach in the CEE region.

Despite cyber risks being a priority for businesses, only 2% of businesses globally have implemented firm-wide cyber resilience. This leaves a glaring vulnerability—without enterprise-wide resilience, companies remain dangerously exposed to the increasing threats that could compromise their entire operation.

What worries organisations most is what they’re least prepared for. In general, technology leaders prioritise improving cloud, data and network security in 2025 to mitigate these cyber risks. CEE businesses also look to invest substantially in application security and awareness programmes, while EMEA is advancing towards GenAI to find innovative solutions.

“Secure AI”—“AI for Security”

“Secure AI”: Business and technology leaders have a mandate to leverage AI-driven capabilities to find innovative ways to serve their customers and increase operational efficiency. These imperatives mean that AI-enabled business solutions are on the rise and need to be secured. AI is already starting to accelerate new innovations and automate processes in ways we would have thought unimaginable only a few years ago. It is improving our productivity and helping us reimagine the customer experience.

“AI for Security”: Even though new and emerging technologies may increase the attack surface area, organisations are leveraging AI for cyber resilience. In CEE, 43% of companies will prioritise threat detection and response in the use of GenAI for defence over other cyber capabilities/areas in the next 12 months.

On average, 42% of CEE businesses and 52% of EMEA businesses increased their investments in emerging technologies (such as GenAI) for cybersecurity in the last 12 months.

There are clear challenges for CEE leaders in applying GenAI solutions in areas such as the implementation of data governance in their organisations, alongside the technical and knowledge requirements.

“While each organisation is different, they usually seek to harness the potential of generative AI to enhance data analysis and customer insights. However, this must be achieved responsibly. Companies must develop a clear security framework and comprehensive governance for AI. A key priority is to establish strategies, principles and operating models to unlock the power of AI in a responsible way.”

Laura Duncan, PwC Partner, Cybersecurity, UK

Regulatory environment—increased costs but also benefits perceived

As many as 73% of companies in CEE state that regulations have a moderate to significant impact on increasing their cyber investments.

While the CEE region is facing a challenging regulatory environment, CEE leaders expressed high confidence in complying with the Digital Operational Resilience Act (DORA) (43%), the Network and Information Systems Directive 2 (NIS2) (58%) and the EU AI Act (38%).

Despite the clear belief that cyber regulations are helping the organisation, there’s a measurable difference between CEO and CISO/CSO confidence in their ability to comply with these regulations. CISOs, who are on the front lines of cybersecurity, are less optimistic than CEOs about their organisation’s ability to meet these regulatory requirements. The biggest gaps involve compliance with regulations related to AI, resilience and critical infrastructure requirements.

“All the regulations for financial institutions aim to enhance customer trust. Although there are many upcoming regulations, they share a common spirit. These regulations consistently call for the stringent protection of data, responsible management of customer relationships and robust, well-documented processes. In essence, they challenge us to be well-managed, trustworthy and accountable organisations.”

Enkelejd Zotaj, CIO, Luminor Group, Estonia

See full global results of the study

Read global study

On 9 December 2024 we held a CEE webcast “Building cybersecurity through C-suite collaboration.”

We gathered business leaders from across CEE and EMEA to discuss cyber resilience strategies, the current state of cyber threats in our region, strategic budget allocation, navigating evolving cyber regulations, emerging tech and much more.

During the webcast, we explored practical insights on how Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Chief Security Officers (CSOs) in CEE are teaming with fellow executives to drive cyber resilience. Peter Durojaiye, Partner and Cybersecurity & Privacy Leader for PwC in Central and Eastern Europe, presented the CEE findings from our 2025 Global Digital Trust Insights report, reflecting the views of over 4,000 business and technology leaders on cyber resilience, C-suite collaboration, regulatory compliance and more.

The webcast uncovered insights including how business leaders in CEE are strengthening cyber resilience at an enterprise level, strategising cyber at the boardroom level and leveraging AI for cyber defence.

Missed the event? Watch the recording above.

Many thanks to our speakers and panellists:

Enkelejd Zotaj, CIO, Luminor Group, Estonia
Marek Chlebicki, PwC Partner and CEE Technology Risk Assurance Leader
Laura Duncan, PwC Partner, Cybersecurity, UK

About the survey

The 2025 Global Digital Trust Insights is a survey of 4,042 business and technology leaders conducted from May to July 2024.

Respondents operate in a range of industries, including industrials and services (21%), tech, media, telecom (20%), financial services (19%), retail and consumer markets (17%), energy, utilities and resources (11%), health (7%), and government and public services (4%).

Respondents are based in 77 countries globally. There were 230 survey participants in Central and Eastern Europe from countries such as the Czech Republic, Poland, Hungary, Slovakia, Bulgaria, Romania, Serbia, Ukraine, Kazakhstan, Estonia, Latvia and other countries.

The Global Digital Trust Insights Survey was previously known as the Global State of Information Security Survey (GSISS). Now in its 27th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.