Lifting the veil on data breaches

Many companies now favour mandatory disclosure of cyber-incidents, PwC survey finds


One in four companies (27%) globally have suffered a data breach that cost them between $1 million and $20 million or more in the past three years, according to a new survey by PwC.

The percentage rises to one in three (34%) for companies surveyed in North America, with only 14% of firms globally reporting no data breaches during the period, the Global Digital Trust Insights survey of more than 3,500 senior executives across 65 countries found.

Despite cyber-attacks continuing to cost businesses millions of dollars, fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas. This includes enabling remote and hybrid work (38% say cyber-risk is fully mitigated); accelerated cloud adoption (35%); increased use of Internet of Things (34%); increased digitisation of supply chain (32%) and back-office operations (31%).

For operations-focused executives surveyed, cybersecurity of the supply chain is a major concern. Nine in ten expressed concerns about their organisation's ability to withstand a cyber-attack that disrupts their supply chain, with 56% extremely or very concerned.

DISCLOSURE DRIVE

Four in five organisations (79%) surveyed state that a comparable and consistent format for mandatory disclosure of cyber-incidents is necessary to gain stakeholder confidence and trust. Three-quarters (76%) agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem.

The same percentage agree that governments should be expected to use the knowledge base from mandatory cyber-attack disclosures to develop cyberdefence techniques for the private sector.

While there is a clear preference for mandatory disclosure of cyber-incidents, fewer than half (42%) of the executives surveyed are fully confident their organisation can provide the required information about a significant incident within the specified reporting period.

There is also a hesitance to share too much information -- 70% said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.

"It's clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyberthreat landscape -- companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber-incidents," said Sean Joyce, global cybersecurity and privacy leader with PwC US.

The majority of executives surveyed said their organisations are continuing to increase their cyberbudgets -- 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023. In fact, cybersecurity now tops the agenda for resilience planning. According to the survey, a catastrophic cyber-attack ranks higher than a global recession or another health crisis for organisations' resilience planning.

Concern with cyber extends to the top of organisations, with 52% of chief executives saying they would drive major initiatives to improve their organisation's cyber posture. Among chief financial officers, 39% said they would be looking at cyber technology solutions and 36% mentioned upskilling and hiring of cybertalent as a priority.

NON-FINANCIAL COSTS

The cost of cyberbreaches goes much further than direct financial costs, according to the marketing-oriented executives surveyed. The range of harm organisations have experienced due to a cyberbreach over the past three years includes loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%).

"There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management programme, continuity and contingency planning, and clear, consistent external reporting," said Mr Joyce.

Businesses in Thailand are also facing more cyber-attacks, according to Phansak Sethsathira, risk consulting partner at PwC Thailand. Ransomware, which is malware designed to hold a victim's files to ransom, has been the most common cyberthreat in the country this year.

"The rising number of cyber-attacks has pushed Thai organisations to consider cybersecurity investment to mitigate reputational damage and financial risk," Mr Phansak said.

"During the Covid-19 crisis, companies significantly accelerated digital adoption in areas such as e-commerce, mobile banking and remote working. As a result, many organisations have increased their cybersecurity budgets over the last two to three years. However, cybersecurity awareness and investment are still lacking with most companies only realising its importance when exposed to the threat.

"Businesses must raise cybersecurity awareness across all levels. It's important to appoint an expert who is responsible for data protection and IT infrastructure security. Another vital step is implementing effective employee communication on the importance of cybersecurity while ensuring those at executive level demonstrate best practice as role models for the organisation."


To download the full Global Digital Trust Insights 2022 survey, visit https://pwc.to/3D4si4W
