Only 2% of organisations fully implement cyber resilience measures

A new report from PwC reveals significant gaps in cybersecurity implementation across organizations globally. The 2025 Global Digital Trust Insights survey, which polled 4,042 business and technology executives from 77 countries, found that a mere 2% of organizations have fully implemented cyber resilience actions across all areas surveyed.

This startling statistic serves as a wake-up call for businesses struggling to keep pace with evolving cyber threats. The report, released on September 30, 2024, highlights several key areas where organizations are falling short in their cybersecurity efforts.

Lagging Resilience Efforts

The survey examined 12 core resilience actions across people, processes, and technology. Alarmingly, for any single one of these actions, 42% or fewer of executives believe their organization has fully implemented it.

Critical areas lacking implementation include:

  • Establishing a resilience team (only 34% have implemented across the organization)
  • Developing a cyber recovery playbook for IT-loss scenarios (35%)
  • Mapping technology dependencies (31%)

These findings suggest that many organizations remain dangerously exposed to potential cyber attacks that could compromise entire operations.

CISO Involvement Gap

Another significant issue highlighted in the report is the limited involvement of Chief Information Security Officers (CISOs) in key business activities. Less than 50% of CISOs are involved to a large extent in strategic planning on cyber investments, board reporting, and overseeing tech deployments.

This gap in CISO participation at the highest levels of decision-making leaves organizations vulnerable to misaligned strategies and weaker security postures. The report emphasizes the need to give CISOs “a seat at the table” to ensure cybersecurity considerations are integrated into core business strategies.

Emerging Technologies Expand Attack Surface

The rapid adoption of new technologies is creating additional cybersecurity challenges. According to the report, 67% of security executives say that generative AI has increased their attack surface over the past year. Cloud technologies and connected devices are also expanding vulnerabilities.

Despite these risks, organizations are embracing these technologies, with 78% of executives reporting increased investment in generative AI over the last 12 months. This highlights the delicate balance companies must strike between innovation and security.

Regulatory Compliance Driving Investment

Cybersecurity regulations are proving to be a major driver for investment, with 96% of executives acknowledging that regulatory requirements have spurred them to enhance their security measures. Moreover, 78% believe that regulations have helped to challenge, improve, or increase their cybersecurity posture.

However, the report also reveals a significant confidence gap between CISOs/CSOs and CEOs regarding compliance with AI and resilience regulations. This 13-point difference in confidence levels suggests a disconnect in how different executives perceive their organization’s regulatory readiness.

Limited Adoption of Cyber Risk Quantification

Despite widespread recognition of its importance, only 15% of organizations are measuring the financial impact of cyber risks to a significant extent. This gap between acknowledgment and implementation represents a missed opportunity for many companies.

The report cites data issues as a top challenge faced when quantifying the financial impact of cyber risk, with 44% of respondents highlighting this as a major obstacle.

Increasing Cyber Budgets

On a more positive note, 77% of executives expect their organization’s cyber budget to increase next year. This trend is particularly pronounced in North America and in the technology, media, and telecom (TMT) sector, where 82% anticipate budget increases.

Investment priorities for the coming year focus on data protection/trust and cloud security. Business executives rank data protection/trust as their top cyber investment priority (48%), while tech executives prioritize cloud security (34%).

Cybersecurity as a Competitive Differentiator

The report reveals a growing recognition of cybersecurity as a key differentiator for competitive advantage. 57% of executives cite customer trust as an area influenced by cybersecurity, while 49% point to brand integrity and loyalty.

This shift in perspective positions strong cybersecurity practices not just as a protective measure, but as a means of building reputation and trustworthiness among customers and stakeholders.

Strategic Priorities for the Coming Year

Looking ahead, executives identified several key goals for the next 12 months:

  1. Reducing response times to incidents and disruptions
  2. Boosting confidence in leadership’s ability to manage threats
  3. Enhancing experiences of both customers and employees

These priorities reflect a broader push to not only mitigate risks faster but also build trust and safeguard key stakeholders.

Characteristics of Top Performers

The report identified a group of top-performing organizations that consistently demonstrate leading cybersecurity practices. These top performers are more likely to:

  • Have higher confidence in their ability to comply with regulations
  • Have implemented key resilience actions across their organization
  • Anticipate future cyber risks
  • Allocate cyber budgets to top organizational risks

Notably, there is a 69 percentage point gap across all behaviours between top performers and the overall global respondents.

Recommendations for Improvement

Based on the findings, the report offers several recommendations for organizations looking to enhance their cybersecurity posture:

  1. Elevate the role of the CISO, ensuring their involvement in key strategic decisions
  2. Implement cyber resilience actions across the entire organization
  3. Invest in quantifying cyber risks to better inform decision-making
  4. Align cybersecurity investments with both current and future risks
  5. Adopt a proactive approach to anticipating and addressing cyber threats
  6. View cybersecurity as an opportunity to build trust and gain competitive advantage

Conclusion

The PwC 2025 Global Digital Trust Insights report paints a complex picture of the global cybersecurity landscape. While organizations increasingly recognize the importance of robust cyber defences, many are struggling to fully implement necessary measures.

The findings underscore the need for a more strategic, enterprise-wide approach to cybersecurity. By addressing the identified gaps in resilience, CISO involvement, and risk quantification, organizations can better position themselves to face the evolving threat landscape.

As cyber risks continue to grow in complexity and potential impact, the report serves as a crucial reminder that cybersecurity is not just an IT issue, but a fundamental business imperative. Organizations that can effectively navigate these challenges stand to not only protect their assets but also build stronger relationships with customers and stakeholders.
