Only 2% of organisations fully implement cyber resilience measures
A new report from PwC reveals significant gaps in cybersecurity implementation across organizations globally. The 2025 Global Digital Trust Insights survey, which polled 4,042 business and technology executives from 77 countries, found that a mere 2% of organizations have fully implemented cyber resilience actions across all areas surveyed.
This startling statistic serves as a wake-up call for businesses struggling to keep pace with evolving cyber threats. The report, released on September 30, 2024, highlights several key areas where organizations are falling short in their cybersecurity efforts.
The survey examined 12 core resilience actions across people, processes, and technology. Alarmingly, 42% or fewer of executives believe their organizations have fully implemented any single one of these actions.
Critical areas lacking implementation include:
These findings suggest that many organizations remain dangerously exposed to potential cyber attacks that could compromise entire operations.
Another significant issue highlighted in the report is the limited involvement of Chief Information Security Officers (CISOs) in key business activities. Fewer than 50% of CISOs are involved to a large extent in strategic planning on cyber investments, board reporting, and oversight of tech deployments.
This gap in CISO participation at the highest levels of decision-making leaves organizations vulnerable to misaligned strategies and weaker security postures. The report emphasizes the need to give CISOs “a seat at the table” to ensure cybersecurity considerations are integrated into core business strategies.
The rapid adoption of new technologies is creating additional cybersecurity challenges. According to the report, 67% of security executives say that generative AI has increased their attack surface over the past year. Cloud technologies and connected devices are also expanding vulnerabilities.
Despite these risks, organizations are embracing these technologies, with 78% of executives reporting increased investment in generative AI over the last 12 months. This highlights the delicate balance companies must strike between innovation and security.
Cybersecurity regulations are proving to be a major driver for investment, with 96% of executives acknowledging that regulatory requirements have spurred them to enhance their security measures. Moreover, 78% believe that regulations have helped to challenge, improve, or increase their cybersecurity posture.
However, the report also reveals a significant confidence gap between CISOs/CSOs and CEOs regarding compliance with AI and resilience regulations. This 13-point difference in confidence levels suggests a disconnect in how different executives perceive their organization’s regulatory readiness.
Although the importance of measuring the financial impact of cyber risks is widely recognized, only 15% of organizations are doing so to a significant extent. This gap between acknowledgment and implementation represents a missed opportunity for many companies.
The report cites data issues as a top challenge faced when quantifying the financial impact of cyber risk, with 44% of respondents highlighting this as a major obstacle.
On a more positive note, 77% of executives expect their organization’s cyber budget to increase next year. This trend is particularly pronounced in North America and in the technology, media, and telecom (TMT) sector, where 82% anticipate budget increases.
Investment priorities for the coming year focus on data protection/trust and cloud security. Business executives rank data protection/trust as their top cyber investment priority (48%), while tech executives prioritize cloud security (34%).
Cybersecurity as a Competitive Differentiator
The report reveals a growing recognition of cybersecurity as a key differentiator for competitive advantage. 57% of executives cite customer trust as an area influenced by cybersecurity, while 49% point to brand integrity and loyalty.
This shift in perspective positions strong cybersecurity practices not just as a protective measure, but as a means of building reputation and trustworthiness among customers and stakeholders.
Strategic Priorities for the Coming Year
Looking ahead, executives identified several key goals for the next 12 months:
These priorities reflect a broader push to not only mitigate risks faster but also build trust and safeguard key stakeholders.
Characteristics of Top Performers
The report identified a group of top-performing organizations that consistently demonstrate leading cybersecurity practices. These top performers are more likely to:
Notably, there is a 69 percentage point gap across all behaviours between top performers and the overall global respondents.
Based on the findings, the report offers several recommendations for organizations looking to enhance their cybersecurity posture:
Conclusion
The PwC 2025 Global Digital Trust Insights report paints a complex picture of the global cybersecurity landscape. While organizations increasingly recognize the importance of robust cyber defences, many are struggling to fully implement necessary measures.
The findings underscore the need for a more strategic, enterprise-wide approach to cybersecurity. By addressing the identified gaps in resilience, CISO involvement, and risk quantification, organizations can better position themselves to face the evolving threat landscape.
As cyber risks continue to grow in complexity and potential impact, the report serves as a crucial reminder that cybersecurity is not just an IT issue, but a fundamental business imperative. Organizations that can effectively navigate these challenges stand to not only protect their assets but also build stronger relationships with customers and stakeholders.