A recent report from PwC has shed light on the pressing cybersecurity issues that affect organizations across the globe. The 2025 Global Digital Trust Insights survey, which involved more than 4,000 business and technology executives from 77 countries, uncovered that a mere 2% of organizations have fully implemented cyber resilience measures across all assessed areas. This alarming statistic underlines the critical vulnerabilities that many businesses face in today’s digital landscape.
The survey evaluated 12 key resilience actions related to people, processes, and technology. Shockingly, fewer than 42% of executives believe their organizations fully adopted any of these essential measures. The most pressing gaps reveal a lack of fundamental preparedness. Only 34% of organizations reported having established a resilience team, while just 35% have developed a cyber recovery playbook to address IT-loss scenarios. Even more concerning is the finding that only 31% of organizations have mapped their technology dependencies.
These deficiencies indicate a significant risk. Organizations that lack comprehensive cyber resilience plans remain exposed to the threat of cyberattacks, which can severely disrupt their operations and data integrity. The implications of these vulnerabilities are profound, potentially affecting a company’s financial stability, reputation, and overall success.
Adding to this trend of insufficient cybersecurity practices is the role of Chief Information Security Officers (CISOs). The report highlights that fewer than 50% of CISOs are actively involved in critical business functions such as strategic planning for cyber investments, reporting to boards, or managing technology deployments. This lack of engagement creates a disconnect between security measures and business strategies, aligning security considerations merely as an afterthought rather than a core component of business planning. To combat this, the report advocates for elevating the CISO role, allowing these professionals a seat at the decision-making table to integrate cybersecurity within the broader business framework.
The rise of new technologies, particularly generative AI and cloud solutions, introduces additional cybersecurity challenges. In the report, a striking 67% of security executives indicated that the implementation of generative AI has expanded their potential attack surface over the last year. As cloud technologies and connected devices proliferate, the vulnerabilities faced by organizations grow in tandem. Despite these heightened risks, organizations continue to invest heavily in technology, with 78% of executives reporting an increase in spending on generative AI in the past year. This trend illustrates a delicate balance between driving innovation and maintaining security.
Regulatory pressures are also shaping the cybersecurity landscape. An overwhelming 96% of executives noted that regulatory frameworks have compelled enhancements in their security measures. Yet, the report identifies a significant confidence gap between CISOs or Chief Security Officers (CSOs) and CEOs regarding compliance with AI and resilience regulations. A disparity of 13 points suggests that while security leaders recognize the challenges posed by regulatory demands, executive management may not share the same urgency or perception of readiness. This lack of alignment can lead to misguided investments and strategies, further complicating the quest for effective cybersecurity frameworks.
To mitigate these vulnerabilities, organizations need a profound reevaluation of their cybersecurity models. This starts with adopting a holistic approach that encompasses establishing dedicated resilience teams, engaging CISOs as integral components of business strategy, and fostering a culture of compliance with regulatory requirements.
Practical measures include investing in training programs that prioritize cybersecurity awareness across all levels of the organization. Regular simulations of potential cyber incidents can help to build resilience and ensure preparedness in the event of an attack. Furthermore, organizations should commit to conducting routine assessments of their technology dependencies, not only to identify weaknesses but also to leverage their strengths effectively.
The cost of cyber inaction is steep, and the importance of proactive measures cannot be overstated. By prioritizing cybersecurity, organizations can protect their assets, enhance their reputations, and ensure their long-term success in an increasingly digital world. As the PwC report indicates, the time for action is now, and the role of cybersecurity must evolve from a secondary concern to a principal focus in business planning and execution.
In summary, as organizations navigate this intricate landscape of cybersecurity challenges, embracing a proactive approach will ultimately determine who thrives and who merely survives in this ever-competitive digital age.