One in four companies (27%) globally has suffered a data breach that cost $1–20 million or more in the past three years.
However, despite cyberattacks continuing to cost businesses millions of dollars, globally fewer than 40% of executives say they have fully mitigated cybersecurity risk exposure in a number of critical areas.
In India, the figure is slightly better with over 50% respondents believing that they have fully mitigated the risks their bold moves incurred since 2020. This includes enabling remote and hybrid work (57% say the cyber risk is fully mitigated); accelerated cloud adoption (61%); increased use of the internet of things (67%); increased digitisation of supply chains (52%) and back office operations (56%), as per the findings of PwC’s annual Global Digital Trust Insights – India edition.
Organisations across the globe worry about more threats and cyber events in 2023 – 65% of surveyed business executives feel cybercriminals will significantly affect their organisation in 2023 compared to 2022, according to the survey.
In India, cloud-based pathways (59%) and the internet of things (58%) are top areas of concern, followed by mobile devices and software supply chains (54%). Globally, mobile devices are considered most unsecure (41%).
Further, 89% of Indian business executives say their organisation’s cybersecurity team detected a significant cyberthreat to business and prevented it from affecting their operations, as against 70% globally.
The survey also highlights that 83% Indian business executives say their organisation’s cybersecurity team has improved supply chain risk management. Of all the risks affecting organisations, Indian respondents consider a catastrophic cyberattack, a resurgence of Covid-19 or a new health crisis, and a new geopolitical conflict as the top three risks, the survey adds.
Most organisations increasing their cyber budgets
The majority of executives surveyed say their organisations are continuing to increase their cyber budgets – 69% say that the budget increased in 2022 and 65% plan to spend more on cyber in 2023.
Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning. According to the survey, a catastrophic cyberattack ranks higher than global recession or another health crisis for organisations’ resilience planning.
Concerns around cybersecurity extend to the C-suite. Most CEOs surveyed are planning to ramp up action cybersecurity measures in the coming year – 52% say they will drive major initiatives to improve their organisation’s cyber posture.
Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39%), focus on strategy and coordination with engineering/operations (37%) and upskilling and hiring of cyber talent (36%).
It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed.
The range of harm organisations have experienced due to a cyber breach or data privacy incident over the past three years includes loss of customers (cited by 27%), loss of customer data (25%), and reputational or brand damage (23%).
"The digitalisation of business demands that corporates and boards invest in becoming more cyber-resilient. This needs to be across the spectrum – in technology, people, processes, and engineering capabilities. Our survey clearly reveals that organisations that have made cybersecurity a strategic priority have witnessed less disruption to business. Cyber resilience is not only key to survival of businesses but also a key driver of public trust," said Sivarama Krishnan, partner and APAC Cybersecurity leader, PwC.
Top threat actors
Top threat pathways