27 percent of companies globally have suffered a data breach that cost more than US $1 million in the past three years, according to PwC’s annual Global Digital Trust Insights Survey. This surveyed more than 3,500 senior executives across 65 countries. The percentage rises to one in three (34 percent) for companies surveyed in North America, with only 14 percent of firms globally reporting that no data breaches have occurred during the period.
Despite the high costs of cyber attacks fewer than 40 percent of executives surveyed say they have fully mitigated cyber security risk exposure in a number of critical areas. This includes, enabling remote and hybrid work (38 percent say the cyber risk is fully mitigated); accelerated cloud adoption (35 percent); increased use of Internet of Things (34 percent); increased digitization of supply chain (32 percent) and back office operations (31 percent).
For operations-focused executives surveyed, cyber security of the supply chain is a major concern. Nine in ten expressed concern about their organization’s ability to withstand a cyber attack that disrupts their supply chain, with 56 percent extremely or very concerned.
Mandatory disclosure of cyber incidents is supported
Four in five organizations (79 percent) surveyed state that a comparable and consistent format for mandatory disclosure of cyber incidents is necessary to gain stakeholder confidence and trust. Three-quarters (76 percent) agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem. Further, the same percentage agree that governments should be expected to use the knowledge base from mandatory cyber attack disclosures to develop cyber defence / defense techniques for the private sector.
While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half (42 percent) of executives surveyed are fully confident their organization can provide required information about a material/significant incident within the specified reporting period. There is also a hesitance to share too much information: 70 percent said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.
Most organizations are increasing cyber budgets
The majority of executives surveyed said their organizations are continuing to increase their cyber budgets: 69 percent said the budget increased in 2022 and 65 percent plan to spend more on cyber in 2023. Increasing budgets reflect the fact that cyber security tops the agenda for resilience planning. According to the survey, a catastrophic cyber attack ranks higher than global recession or another health crisis for organizations’ resilience planning.
Concern with cyber extends to the top of organizations
Most CEOs surveyed are planning to ramp up action to address cyber security in the coming year: 52 percent said they will drive major initiatives to improve their organization’s cyber posture. Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39 percent), focus on strategy and coordination with engineering/operations (37 percent) and upskilling and hiring of cyber talent (36 percent)
It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organizations have experienced due to a cyber breach or data privacy incident over the past three years include loss of customers (cited by 27 percent), loss of customer data (25 percent) and reputational or brand damage (23 percent)
About the survey
The Global Digital Trust Insights Survey captures the views of senior executives on the challenges and opportunities to improve and transform cyber security within their organisation in the next 12-18 months. The Survey includes 3,522 respondents across 65 countries. Companies with revenues greater than US$1bn make up 52 percent of those surveyed; 25 percent have revenues greater than US$5bn.
