Cyber-resilience lags as risks rise
text size

Cyber-resilience lags as risks rise

Most organisations expect cyber budgets will have to increase next year, PwC survey finds

Listen to this article
Play
Pause
As organisations increasingly operate across digital platforms, 67% note GenAI has led to increased risk of attacks over the last year.
As organisations increasingly operate across digital platforms, 67% note GenAI has led to increased risk of attacks over the last year.

Almost four-fifths (77%) of organisations expect their cybersecurity budget to increase over the coming year as they cite lack of preparedness for an ever-expanding array of cyber vulnerabilities, according to the 2025 Global Digital Trust Insights survey by PwC.

The report, which polled 4,042 business and tech executives from across 77 countries and territories, found that only 2% of companies surveyed have implemented cyber-resilience across their entire organisation, even as 66% of tech leaders rank cyber as the top risk their organisation is prioritising for mitigation over the next 12 months. This comes as the average cost of a data breach, based on the survey responses, is US$3.3 million.

As organisations increasingly operate across digital platforms, two-thirds (67%) note that generative artificial intelligence (GenAI) has led to increased risk of attacks over the last year.

This year's survey findings highlight that what worries organisations most is what they are least prepared for. The top four cyber threats found most concerning -- cloud-related threats (42%), hack-and-leak operations (38%), third-party breaches (35%) and attacks on connected products (33%) -- are the same ones that security executives feel least prepared to address.

"Cyber-resilience is everyone's responsibility, from the boardroom to the employee," said Sean Joyce, global cyber and privacy leader with PwC US.

"We must hold each other accountable and ensure we address emerging risks by leveraging new technology, practising foundational cybersecurity principles, and investing in resources that will secure the future of the organisation."

As companies contend with cybersecurity concerns, 78% of leaders surveyed have ramped up their investment in GenAI over the last 12 months, with 72% increasing their risk management investment in AI governance.

This comes as two-thirds (67%) of security leaders note GenAI has expanded the cyber-attack surface over the last year, ahead of other technologies such as cloud technology (66%), connected products (58%), operational technology (54%) and quantum computing (42%).

But while making optimum use of GenAI remains key to cyber-resilience strategies, organisations face several challenges when incorporating the technology, notably with existing systems and processes (39%) and a lack of standardised internal policies governing its use (37%).

Despite the clear threats and a lack of preparedness, the survey findings highlight organisations are taking action. More than three-quarters (77%) expect their cyber budget to increase over the coming year, with nearly half (48%) of business leaders prioritising data protection and data trust as the top cyber investments over the next year.

Tech leaders, on the other hand, note cloud security (34%) remains their top priority. Roughly 30% of organisations expect cyber budgets to increase by 6-10% next year, while 20% expect budgets to increase by 11% or more.

KEY DIFFERENTIATOR

There is also a clear cybersecurity imperative. Organisations cite investment in cybersecurity as a key differentiator for competitive advantage, with 57% citing customer trust and 49% citing brand integrity and loyalty as primary drivers for such investment.

Cyber regulations are also driving investment -- with 96% reporting that such regulations led to increases in their cyber investment in the last 12 months.

"As Thai businesses continue to embrace cloud technologies, the associated risks have surged to the forefront, posing significant threats alongside persistent challenges such as ransomware and cyber-related financial fraud," said Rishi Anand, consulting partner of PwC Thailand.

"Additionally, the increasing reliance on third parties has further compounded these vulnerabilities. Thai companies are now more aware of cyber-risks than ever before, driven by heightened regulatory requirements and first-hand experiences of cyber incidents.

"This awareness has spurred numerous initiatives aimed at mitigating cyber-risks, including new risk assessments, the adoption of advanced tools and the modernisation of existing cybersecurity technologies."

Despite these positive strides, many Thai businesses still grapple with inadequate cybersecurity budgets. However, there has been a gradual increase over the past five years.

"It's encouraging to see many businesses in Thailand are beginning to grasp the critical importance of cyber-resilience. They're increasingly focusing on protection, response and recovery strategies, often within the broader context of business continuity plans," said Mr Anand.

"However, to truly enhance their cyber-resilience, they should consider adopting a risk-driven approach rather than a purely compliance-focused mindset. This means going beyond meeting regulatory requirements and ensuring their projects are effectively reducing overall cyber-risk."

Do you like the content of this article?
COMMENT (2)