Press Release

Only 2% of businesses have implemented firm-wide cyber resilience, even as cyber security concerns are top-of-mind and the average data breach exceeds USD3m: PwC 2025 Global Digital Trust Insights

  • Press Release
  • 10 minute read
  • 08 Nov 2024

Only 2% of businesses have implemented firm-wide cyber resilience, even as cyber security concerns are top-of-mind and the average data breach exceeds USD3m: PwC 2025 Global Digital Trust Insights

  • Almost four-fifths (77%) expect their cyber budget to increase over the coming year as only 2% say their company has implemented cyber resilience across their organisation
  • Cyber risks are top-of-mind: two-thirds (66%) of tech leaders rank cyber as their top risk for mitigation in 2024, compared to 48% of business leaders
  • Estimated cost of the average data breach is USD3.3m while cloud-related threats (42%), hack-and-leak operations (38%), and third-party data breaches (35%) rank as the highest cyber threats according to leaders
  • Four-fifths (78%) have increased their investment in generative AI (GenAI) over the last 12 months and two-thirds (67%) of security leaders state that GenAI has increased their attack surface over the last year

BANGKOK, 8 November 2024 – Almost four-fifths (77%) of organisations expect their cyber budget to increase over the coming year as organisations cite unpreparedness to an ever-expanding surface of cyber vulnerabilities, according to PwC’s 2025 Global Digital Trust Insights survey.

The report, which polled 4,042 business and tech executives from across 77 countries and territories, finds that only 2% of companies surveyed have implemented cyber resilience across their organisation, even as more than three-fifths (66%) of tech leaders rank cyber as the top risk their organisation is prioritising for mitigation over the next 12 months. This comes as the average cost of a data breach across all respondents is USD3.3m1.

As organisations increasingly operate across digital platforms, two-thirds (67%) note GenAI has increased their attack surface over the last year.

This year’s survey findings highlight that what worries organisations most is what they’re least prepared for. The top four cyber threats found most concerning — cloud-related threats (42%), hack-and-leak operations (38%), third-party breaches (35%) and attacks on connected products (33%) — are the same one’s security executives feel least prepared to address.

Sean Joyce, Global Cyber & Privacy Leader, PwC US, said:

“Cyber resilience is everyone’s responsibility, from the boardroom to the employee. We must hold each other accountable and ensure we address emerging risks by leveraging new technology, practicing foundational cybersecurity principles, and investing in resources that will secure the future of the organisation.”

Companies look to GenAI to bolster cyber resilience

As companies contend with cyber security concerns, almost four-fifths (78%) of leaders surveyed have ramped up their investment in GenAI over the last 12 months, with 72% increasing their risk management investment in AI governance. This comes as two-thirds (67%) of security leaders note GenAI has expanded the cyber-attack surface over the last year, ahead of other technologies such as cloud technology (66%), connected products (58%), operational technology (54%) and quantum computing (42%). But while leveraging GenAI remains key to cyber resilience strategies, organisations face several challenges when incorporating the technology, notably with existing systems/processes (39%) and a lack of standardised internal policies governing its use (37%). 

The cyber security resilience imperative

Despite the clear threats and a lack of preparedness, the survey findings highlight organisations are nevertheless taking action. More than three-quarters (77%) expect their cyber budget to increase over the coming year, with nearly half (48%) of business leaders prioritising data protection and data trust as the top cyber investment over the next year. Tech leaders, on the other hand, note cloud security (34%) remains their top-priority. Almost one-third (30%) of organisations expect cyber budgets to increase by 6-10% next year, while one-fifth (20%) expect budgets to increase by 11% or more. 

There is also a clear cyber security imperative. Organisations cite investment in cybersecurity as a key differentiator for competitive advantage, with 57% citing customer trust and 49% citing brand integrity and loyalty as primary drivers for such investment. In the backdrop, cyber regulations are also driving investment – with 96% reporting such regulations to have increased their cyber investment in the last 12 months.

Rishi Anand, Consulting Partner of PwC Thailand, added:

“As Thai businesses continue to embrace cloud technologies, the associated risks have surged to the forefront, posing significant threats alongside persistent challenges such as ransomware and cyber-related financial fraud. Additionally, the increasing reliance on third parties has further compounded these vulnerabilities. Thai companies are now more aware of cyber risks than ever before, driven by heightened regulatory requirements and firsthand experiences of cyber incidents. This awareness has spurred numerous initiatives aimed at mitigating cyber risks, including new risk assessments, the implementation of advanced tools and the modernisation of existing cybersecurity technologies.”

Rishi continued that despite these positive strides, many Thai businesses still grapple with inadequate cybersecurity budgets. However, there has been a gradual increase over the past five years.

“It’s encouraging to see many businesses in Thailand are beginning to grasp the critical importance of cyber resilience. They’re increasingly focusing on protection, response and recovery strategies, often within the broader context of business continuity plans. However, to truly enhance their cyber resilience, they should consider adopting a risk-driven approach rather than a purely compliance-focused mindset. This means going beyond just meeting regulatory requirements but instead ensuring that their projects are effectively reducing overall cyber risk.”

//ENDS//

[1] Respondents were asked to estimate the cost of their most damaging data breach over the last three years. Respondents selected from a predetermined set of cost bands and the mean cited above was calculated from grouped data. Of those who responded, 16% cited organisational revenue of more than USD10 billion (v. 31% in 2024), 11% between USD5-10 billion, 32% between USD1-5 billion, 39% with less than USD1 billion, and 1% preferred not to disclose.

About PwC 2025 Global Digital Trust Insights 

The 2025 Global Digital Trust Insights is a survey of 4,042 business and technology executives conducted in May through July 2024. A quarter of the executives are from large companies with USD5 billion or more in revenues. Respondents operate in a range of industries, including industrials and services (21%); tech, media, telecom (20%); financial services (19%); retail and consumer markets (17%); energy, utilities and resources (11%); health (7%) and government and public services (4%). Respondents are based in 77 countries and territories. The regional breakdown is Western Europe (30%), North America (25%), Asia Pacific (18%), Latin America (12%), Central and Eastern Europe (6%), Africa (5%) and the Middle East (3%). Now in its 26th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 149 countries with more than 370,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. 

© 2024 PwC. All rights reserved.

Click here to read Thai version

Contact us

Ploy Ten Kate

Ploy Ten Kate

Director, PwC Thailand

Tel: +66 (0) 2844 1000 Ext. 4713

Follow us