CFOs and CEOs are planning to ramp up actions to address cybersecurity issues in the coming year, said PwC recently when releasing its Global Digital Trust Insights Survey that collected responses from more than 3,500 senior executives across 65 countries.
One in four companies (27%) globally have suffered a data breach that cost them US$1- 20 million or more in the past three years, according to the company.
To tackle the issue, the majority of executives surveyed said their organisations are continuing to increase their cyber budgets – 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023, PwC pointed out.
Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39%), focus on strategy and coordination with engineering/operations (37%) and upskilling and hiring of cyber talent (36%), the firm said.
In addition, most CEOs surveyed are planning to ramp up actions to address cybersecurity in the coming year - 52% said they will drive major initiatives to improve their organisation’s cyber posture, PwC added.
The cost of cyber breaches goes much further than direct financial costs, PwC cited marketing-oriented execs surveyed as saying.
The range of harm organisations have experienced due to a cyber breach or data privacy incident over the past three years include loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%), the survey indicates.
Survey highlights
- Despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas.
- This includes, enabling remote and hybrid work (38% say the cyber risk is fully mitigated); accelerated cloud adoption (35%); increased use of internet of things (34%); increased digitisation of supply chain (32%) and back office operations (31%).
- For operations-focused executives surveyed, cybersecurity of the supply chain is a major concern. Nine in ten expressed concern about their organisation’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.
- Four in five organisations (79%) surveyed state that a comparable and consistent format for mandatory disclosure of cyber incidents is necessary to gain stakeholder confidence and trust.
- Three-quarters (76%) agree that increased reporting to investors will be a net benefit to the organisation and entire ecosystem.
- Further, the same percentage agree that governments should be expected to use the knowledge base from mandatory cyber attack disclosures to develop cyber defence techniques for the private sector.
- While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half (42%) of executives surveyed are fully confident their organisation can provide required information about a material/significant incident within the specified reporting period.
- There is also a hesitance to share too much information – 70% said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.
