《普華永道：2025年全球數字信任洞察報告（英文版）（24頁）.pdf》由會員分享，可在線閱讀，更多相關《普華永道：2025年全球數字信任洞察報告（英文版）（24頁）.pdf（24頁珍藏版）》請在三個皮匠報告上搜索。

1、PwC|2025 Global Digital Trust Insights|1Bridging the gapsto cyber resilience:The C-suite playbookFindings from the 2025 GlobalDigital Trust InsightsPwC|2025 Global Digital Trust Insights|2Findings from the 2025 Global Digital Trust Insights2%Only 2%have implemented cyber resilience actions across th

2、eir organisation in all areas surveyed50%Under 50%of CISOs are involved to a large extent in key business activities13%point gap in confidence between CISO/CSOs and CEOs regarding compliance with AI and resilience regulationsWith the attack surface continuing to expand through advances in AI,connect

3、ed devices and cloud technologies and the regulatory environment in constant flux,achieving cyber resilience at an enterprise level is critical.Yet despite widespread awareness of the challenges,significant gaps persist.To safeguard their organisations,executives should treat cybersecurity as a stan

4、ding item on the business agenda,embedding it into every strategic decision and demanding C-suite collaboration.PwCs 2025 Global Digital Trust Insights survey of 4,042 business and tech executives from across 77 countries revealed significant gaps companies must bridge before achieving cyber resilie

5、nce.Gaps in implementation of cyber resilience:Despite heightened concerns about cyber risk,only 2%of the executives say their company has implemented cyber resilience actions across their organisation in all areas surveyed.Gaps in preparedness:Organisations feel least prepared to address the cyber

6、threats they find most concerning,such as cloud-related risks and third-party breaches.Gaps in CISO involvement:Fewer than half of the executives say their CISOs are involved to a large extent in strategic planning,board reporting and overseeing tech deployments.Gaps in regulatory compliance confide

7、nce:CEOs and CISO/CSOs have differing levels of confidence in their companys ability to comply with regulations,particularly regarding AI,resilience and critical infrastructure.Gaps in measuring cyber risk:Although executives acknowledge the importance of measuring cyber risk,fewer than half do so e

8、ffectively,with only 15%measuring the financial impact of cyber risks to a significant extent.All of this points to the need for better C-suite collaboration and strategic investment to strengthen cyber resilience.By addressing these gaps and making cybersecurity a business priority,executives can b

9、ridge to a more secure future.CISOs can help drive this outcome by sharing tech-enabled insights and by explaining cyber priorities in business terms(cost,opportunity,risk).PwC|2025 Global Digital Trust Insights|3Table of contentsNavigating cyber threats:Establishing a shared vision for preparedness

10、GenAI and emerging tech:Balancing opportunity and riskA highly regulated cyber world:Are companies really ready?Unlocking the potential of cyber risk quantification:Whats holding organisations back?Investing in resilience,building trustIs your cyber strategy and leadership driving real resilience?Pw

11、C|2025 Global Digital Trust Insights|3 4.7.10.13.16.19.PwC|2025 Global Digital Trust Insights|4Threat outlook and emerging risks Threat outlook and emerging risks Navigating cyber threats:Establishing a shared visionfor preparedness66%of tech executives rank cyber as the highest risk for mitigation,

12、compared to 48%of business executives42%of executives rank cloud-related threats as their most concerning cyber threatTop 2Cloud and connected product attacks are what security executives feel least prepared to address While the cybersecurity landscape continues to evolve,organisations are strugglin

13、g with increasingly volatile and unpredictable threats.An expanding attack surface spurred by growing reliance on cloud,AI,connected devices and third parties demands an agile,enterprise-wide approach to resilience.Aligning organisational priorities and readiness is essential for maintaining securit

14、y and business continuity.Unprepared for the most concerning threatsWhat worries organisations most is what theyre least prepared for.The top four cyber threats found most concerning cloud-related threats,hack-and-leak operations,third-party breaches and attacks on connected products are the same on

15、es security executives feel least prepared to address.This gap highlights the urgent need for better investments and stronger response capabilities.Additionally,a perception gap exists between security executives and the rest of the organisation,with CISOs and CSOs more likely to rank ransomware amo

16、ng their top three most concerning threats.This may reflect their role,as ransomware is more central to cyber/IT duties and those in that function likely understand the vulnerabilities better than their business peers.This further reinforces the importance of better information-sharing across leader

17、ship teams to create alignment on priorities.Wake-up callA threat-informed cyber investment strategy is essential.Prioritise investments in the most pressing cyber risks and take a closer look at where resources are being applied in terms of people,process and defence capabilities.PwC|2025 Global Di

18、gital Trust Insights|5The strategic divide:Business and tech prioritiesBusiness executives and tech executives prioritise different risks.While business executives are more concerned with inflation,tech executives rank cyber risks as their top priority likely due to their proximity to the cyber thre

19、at landscape.Even so,nearly half of business executives still rank cyber risks among their top three concerns,underscoring its critical importance.This shared concern represents an opportunity for CISOs to connect the cyber agenda to the business agenda.Wake-up callBusiness and tech executives its t

20、ime to get aligned.Balance prioritisation of cyber risks with economic pressures to help safeguard assets and create resilience.Regular cross-functional assessments will keep your strategy and priorities in sync.Global average data breach cost exceeds$3 millionOver a quarter of executives tell us th

21、eir most damaging data breach in the past three years cost their organisation at least$1 million.This is somewhat lower than last years survey across organisations of all sizes and in most regions and sectors.Overall,the average data breach is estimated at$3.32 million.Top performers identified as t

22、hose who responded that their organisation is more likely to demonstrate high quality cybersecurity practices on a usual basis were less likely to experience any data breaches in the past three years.These top performers are typically from larger,high-growth organisations with cyber budgets expected

23、 to increase by 15%or more next year,indicating that cyber program maturity and funding correlate to better resilience.Threat outlook and emerging risks Dont stop short on your journey for cybersecurity and resilience.Criminals and nation-state actors are becoming expert at finding unprotected seams

24、:weak identity and access controls,unpatched devices and security misconfigurations.”Rob Joyce,Cyber,Risk&Regulatory Senior Fellow,PwC US,former Special Assistant to the President&Acting Homeland Security Advisor“PwC|2025 Global Digital Trust Insights|6Threat outlook and emerging risks Executive cal

25、l-to-actionAs organisations face a more sophisticated threat landscape,its important for executives across the C-suite to take a proactive role in assessing both current and emerging risks.By aligning cybersecurity strategies with broader business objectives,executives can better prepare their organ

26、isations to manage risk and build resilience.CISOs:Underscore to the rest of the C-suite the threats that jeopardise your business most,especially if investment efforts need to be shifted.CIOs and chief technology officers(CTOs):Based on conversations with the risk executives,gauge how certain threa

27、ts can damage information and infrastructure security at large and which threats pose the biggest barriers to resilience.CFOs:Gain deeper insight from the CISO and CRO on the most critical cyber management and investment priorities.CEOs:Meet regularly with the CRO and CISO to understand the threat v

28、ectors theyre most concerned about.Make sure youre receiving regular reporting on current threat mitigation efforts.Board:Understand the top cyber risks to the organisation and ask the tough questions of management.How are risks being mitigated?Do we have adequate plans and funding in place to proac

29、tively address risks and respond should an event occur?Wake-up callPrioritise holistic risk mitigation strategies that encompass prevention,detection,response and recovery.Understand the broader impacts of a breach beyond financial harm to build true resilience.PwC|2025 Global Digital Trust Insights

30、|7Emerging technologies and GenAI67%of security executives say that GenAI has increased their attack surface over the last year78%have increased their investment in GenAI over the last 12 monthshave increased their risk management investment in AI governanceWhile the rapid advancement of generative

31、AI(GenAI)is ushering in new opportunities across industries,it also presents cybersecurity risks.As organisations adopt GenAI and other emerging technologies,the C-suite should navigate more complex and unpredictable attack vectors,integration obstacles and the dual-edged nature of GenAI in both cyb

32、er defence and offence.Underlying these challenges are significant data and legal issues that can complicate the deployment and governance of GenAI.72%Cybersecurity is predominantly a data science problem.Its becoming imperative for cyber defenders to leverage the power of generative AI and machine

33、learning to get closer to the data to drive timely and actionable insights that matter the most.”Mike Elmore,Global CISO,GSKAn evolving attack surfaceSecurity executives report that GenAI(67%)and cloud technologies(66%)have expanded the cyber attack surface over the past year,making companies more v

34、ulnerable to sophisticated threats.GenAI can also reduce barriers to entry for less sophisticated threat actors,enabling them to craft effective phishing attacks and deepfakes at scale.This aligns with the findings of our 27th CEO Survey,in which 64%of CEOs globally agreed that GenAI is likely to in

35、crease cybersecurity risk in their organisation.Use of GenAI also raises concerns about data integrity,privacy and compliance as companies deal with regulatory obligations that are still evolving.Also expanding the attack surface are other technologies such as connected devices and operational techn

36、ology(OT),which will affect industries such as manufacturing,healthcare and energy.As more devices become interconnected,securing these systems becomes harder.In addition,while quantum computing is still on the horizon,42%percent of security executives report that it has already caused them to addre

37、ss vulnerabilities.Wake-up callContinuous assessment of new vulnerabilities,investment in advanced security measures and fostering closer collaboration between technology,security,risk and legal teams are paramount.By staying prepared for these threats,companies can better safeguard critical assets

38、and maintain stakeholder trust.Emerging technologies and GenAIGenAI and emerging tech:Balancing opportunity and risk“PwC|2025 Global Digital Trust Insights|8Leveraging GenAI for cyber defence:Opportunities and challengesAlthough GenAI is increasing the cyber risk attack surface for most organisation

39、s,executives are also using that same technology for cyber defence.The top three ways theyre leveraging GenAI include threat detection and response,threat intelligence and malware/phishing detection.However,despite these opportunities,organisations face several obstacles when incorporating GenAI int

40、o their cyber defence strategies.GenAI leads in cyber investment prioritiesRecognising the increased cyber risks,78%of executives have ramped up their cyber investment in GenAI,particularly focusing on governance.This investment in GenAI underscores the importance of managing both its capabilities a

41、nd risks.Companies are also beginning to invest in quantum preparedness.Although adoption remains years away,theres already a growing imperative to pursue quantum-resistant technologies and post-quantum security measures to combat future threats posed by this technology in the wrong hands.Emerging t

42、echnologies and GenAIWake-up callGenAI can transform your cyber defences,but only if you overcome the challenges to integrate,trust and govern it effectively,applying Responsible AI practices.Otherwise,you risk falling behind in the arms race against threat actors.Difficulty incorporating with exist

43、ing systems/processes(39%)Lack of trust in GenAI by internal stakeholders(39%)Inadequate internal controls and risk management(38%)Lack of standardised internal policies governing its use(37%)PwC|2025 Global Digital Trust Insights|9Executive call-to-actionAs emerging technologies reshape the cyberse

44、curity landscape,its critical for executives across the C-suite to take an active role in guiding their organisations through both the opportunities and risks these innovations present.CISOs:Help to drive standardisation across the technology estate to help integrate AI into cyber defences.Enforce a

45、ccess rights on a user-by-user basis to identify probable attack vectors.CIOs and CTOs:Develop an AI impact assessment to educate business executives on where investment and implementation makes the most sense.Prepare your platforms for scalability as GenAI use grows.CFOs:Work with the CISO on prior

46、itising the security and confidentiality of financial data protection.Chief data officers(CDOs):Enhance your data governance protocols and assess any data privacy risks against privacy laws and regulator guidance.Chief legal officers(CLOs)and general counsel(GCs):Collaborate with other risk and comp

47、liance teams to guard against improper secondary uses of data and potential legal exposure.Emerging technologies and GenAIWake-up callInvesting in GenAI is just the start.Move the needle more by exploring the untapped potential of other technologies,including quantum-resistant solutions,to help your

48、 defences outpace evolving threats.PwC|2025 Global Digital Trust Insights|10Regulatory developments 96%report that cybersecurity regulations have spurred them to increase their cyber investment in the last 12 months78%believe that regulations have helped to challenge,improve or increase their cybers

49、ecurity posturepoint gap in confidence between CISO/CSOs and CEOs regarding compliance with AI and resilience regulationsRegulatory frameworks are asking companies to swiftly comply with a growing array of requirements.A surge of new regulations DORA,Cyber Resilience Act,AI Act,CIRCIA,Singapore Cybe

50、rsecurity Act,etc.underscores the urgency for organisations to align their practices to these heightened expectations.As businesses navigate these demands,they face a critical gap in confidence between CISO/CSOs and CEOs regarding their ability to achieve full compliance.Addressing these challenges

51、is essential to building a resilient and compliant cybersecurity posture that can withstand both regulatory scrutiny and emerging threats.Cyber regulations are driving positive changeCyber regulations are proving to be a major driver for cybersecurity investment,with 96%of executives acknowledging t

52、hat regulatory requirements have spurred them to enhance their security measures.Moreover,78%believe that regulations have helped to challenge,improve or increase their cybersecurity posture.This indicates that,despite the difficulties of compliance,regulations are serving to further mature cybersec

53、urity capabilities across industries.13%Wake-up callOrganisations that embrace regulatory requirements tend to benefit from stronger security frameworks and a more robust posture against emerging threats.Compliance shouldnt be viewed as a box-ticking exercise but as an opportunity to build long-term

54、 resilience and trust with stakeholders.Regulatory developments A highly regulated cyber world:Are companies really ready?PwC|2025 Global Digital Trust Insights|11Confidence gap:CISOs feel less certain than CEOs about cyber complianceDespite the belief that cyber regulations are helping the organisa

55、tion,theres a significant difference between CEO and CISO/CSO confidence in their ability to comply with these regulations.The biggest gaps involve compliance with AI,resilience and critical infrastructure requirements.CISOs,who are on the front lines of cybersecurity,are less optimistic than CEOs a

56、bout their organisations ability to meet these regulatory requirements.Because CISOs are more attuned to the day-to-day operational difficulties,resource constraints and potential vulnerabilities that can hinder cyber compliance,its vital that they more effectively communicate these risks to the lea

57、dership team.Whats preventing them?Potential obstacles include barriers to CISO participation in strategic decisions and an inability to justify the amount of cyber risk investment needed.Wake-up callBridging this confidence gap requires better alignment and communication between security executives

58、 and the C-suite.CEOs should make sure that CISOs arent only heard but also have the resources and support necessary to meet regulatory demands.CISOs need to provide data-backed insights and make the business case for elevating compliance to a strategic imperative.Regulatory developments PwC|2025 Gl

59、obal Digital Trust Insights|12Executive call-to-actionAs regulatory requirements continue to shape the cybersecurity landscape,its essential that executives across the C-suite stay ahead of compliance issues while leveraging regulations as a catalyst for innovation.Creating alignment across security

60、 teams,risk functions and executive leadership is crucial for maintaining compliance readiness and driving strategic improvements.CISOs and CROs:Deliver frequent reporting to other executive leaders on the state of regulations that directly impact respective industry or territory needs,and work towa

61、rds implementing technology and regulatory change management processes.CFOs:Verify the accuracy,completeness and defensibility of all regulatory disclosures of cyber risk management and program posture.Develop a clear understanding of materiality and the specific impact of a cyber incident,incorpora

62、ting cyber risk quantification to accurately assess and communicate potential risks.CEOs:Understand oversight responsibilities to guide compliance efforts,including any necessary coordination between different business units.Identify key questions to ask CISOs to close any knowledge gaps on complian

63、ce posture.Chief compliance officers:Stay abreast of regulatory compliance requirements and collaborate with the CISO and CRO to incorporate proactive compliance measures and monitoring to periodically confirm compliance.CLOs and GCs:Determine the right amount of disclosure details needed to fulfil

64、cyber program reporting obligations,striking a balance between transparency and confidentiality.Board:Stay abreast of emerging regulatory requirements and seek input from management on proactive measures being taken to prepare for new requirements.Understand managements approach to assessing and dis

65、closing cyber incidents.Regulatory developments PwC|2025 Global Digital Trust Insights|13Cyber risk quantification15%Only 15%are measuring the financial impact of cyber risks to a significant extent87%say allocating resources to areas of highest risk is of high importancesay data issues are a top ch

66、allenge faced when quantifying the financial impact of cyber riskAs cyber threats rapidly evolve in scope and sophistication,cyber risk quantification has become a critical tool that organisations cant afford to overlook.But despite its widely acknowledged benefits,several challenges(data quality is

67、sues,output reliability,etc.)have impeded broader adoption.Measuring cyber risk is critical but limitedWhile executives largely agree that measuring cyber risk is crucial for prioritising cyber risk investments(88%)and allocating resources to areas of highest risk(87%),only 15%of organisations are a

68、ctually doing it to a significant extent(e.g.,extensive cyber risk quantification with automation and extensive reporting).For the organisations that do measure risk,seven in 10 executives indicate they use security posture assessments to quantify residual risk by considering the effectiveness of ke

69、y controls such as compliance with vulnerability remediation,user access reviews and training completion.The adoption of more holistic cyber risk quantification practices,however,remains limited.44%Wake-up callIts time to realise the full potential of cyber risk quantification.The gap between recogn

70、ition and implementation is a missed opportunity that can no longer be ignored.Organisations that dont measure cyber risk or havent fully developed this capability are leaving critical intelligence on the table,particularly when it comes to informing board decisions and capital allocation.Cyber risk

71、 quantificationUnlocking the potential of cyber risk quantification:Whats holding organisations back?PwC|2025 Global Digital Trust Insights|14What are the barriers to wider implementation?Data issues,scope uncertainty and legal concerns rank high on the list of obstacles to implementing cyber risk q

72、uantification.Lack of trust in the reliability of quantification outputs is another.Further complicating adoption is the gap between what senior executives expect and what CISOs deliver,as measuring cyber risk requires alignment between security executives and business risk appetite.Wake-up callThe

73、barriers to cyber risk quantification adoption and use may be stalling progress.Organisations cant afford to let these challenges hinder critical decision-making.Address these obstacles head on,build trust in cyber risk quantification and fully integrate it into your strategic process.PwC|2025 Globa

74、l Digital Trust Insights|15Executive call-to-actionEstablishing a trusted cyber risk quantification system is essential for making informed decisions and prioritising strategic investments.By accurately measuring risk,executives can align cybersecurity efforts with broader business objectives.CISOs:

75、Consider starting small with a specific output in mind.Leverage the information you have within your organisation(e.g.,controls effectiveness,maturity,incident or loss data).New tools can help with risk quantification but arent a requirement.Define your program and look for enabling technologies to

76、support what youve designed.CISOs and CROs:Show C-suite executives the most impactful financial risk measurement outcomes from quantification tools and practices.These examples can help persuade leadership to prioritise and allocate the right resources to the highest areas of risk.CEOs:Work with you

77、r CISO and CRO to gain a deeper understanding of the business value of cyber risk quantification and the potential costs and missed opportunities from not measuring cyber risks.Board:Understand the methods your organisation currently uses to assess cyber risk.Press management on its plans to impleme

78、nt risk quantification more broadly to better assess and report on the companys cyber risk posture.Cyber risk quantificationPwC|2025 Global Digital Trust Insights|16Cyber investment and priorities77%expect their cyber budget to increase next year48%of business executives prioritise data protection a

79、nd data trust as the top cyber investment over the next yearof tech executives prioritise cloud security as the top cyber investment over the next yearAs cybersecurity continues to evolve into a critical business priority,organisations are beginning to see its potential as a key differentiator and a

80、 way to enhance their reputation and trustworthiness.To prepare,many are increasing their cyber budgets with a particular concentration on data protection and trust.By strategically investing in these areas,companies are not only building resilience but positioning themselves positively to their cus

81、tomers.34%The threat landscape is increasingly unpredictable,as were seeing multi-vector threats to physical and digital environments.Were investing resources toward integrated response and recovery capabilities to enhance physical security and cybersecurity.Threat actors dont differentiate.We need

82、to be prepared at every level with our business continuity and resilience programs.”Dr.Georg Stamatelopoulos,CEO of EnBW AGCyber budgets are expected to grow in the next yearCyber budgets remain in line with last year,with smaller organisations investing a higher percentage of their resources compar

83、ed to larger organisations.This likely reflects smaller organisations playing catch-up in areas where larger firms have already invested heavily.Larger organisations,although expressing concerns around emerging threats and resilience,are taking a more measured approach to their investments,probably

84、due to having more established security frameworks in place.Over three quarters of executives expect their organisations cyber budget to increase next year.That number is higher(82%)for organisations in North America and in the technology,media and telecom(TMT)sector.Wake-up callAfter a year of main

85、taining budgets,its essential to align the planned increase in spending with both current and future risks so every dollar strengthens resilience and prepares the organisation for the evolving threat landscape.Cyber investment and prioritiesInvesting in resilience,building trust“PwC|2025 Global Digi

86、tal Trust Insights|17Investing in what matters most:Cloud and data trust go hand-in-handOver the next 12 months,organisations are prioritising data protection/trust and cloud security above other cyber investments.They understand that securing sensitive information is vital to maintaining stakeholde

87、r trust and brand integrity.Business and tech executives rank a different list of priorities based on areas specific to their roles.Business executives say data protection/trust is their top cyber investment priority(48%),followed by tech modernisation and optimisation(43%).For tech executives,cloud

88、 security remains their top priority(34%),following the same trend from last year.Data protection and trust is the next priority(28%).Why does cloud security continue to demand attention?Despite years of investment,the rapid adoption of cloud technologies,the consolidation of cloud hyperscalers and

89、the rise of hybrid and multi-cloud setups have concentrated risk in the cloud environment.This concentration heightens the potential impact of data access misconfigurations,data breaches and integration challenges.As threat actors evolve,so must cloud security strategies,making continued investment

90、crucial for mitigating these intensified risks.Wake-up callInvesting in cybersecurity is investing in trust.Whether its securing the cloud,safeguarding data or addressing emerging risks,your commitment to these areas will shape stakeholder confidence and your organisations resilience.Cyber investmen

91、t and prioritiesPwC|2025 Global Digital Trust Insights|18Cybersecurity and trust:The new competitive edgeOrganisations increasingly view cybersecurity as a key differentiator for a competitive advantage,with 57%of executives citing customer trust and 49%citing brand integrity and loyalty as areas of

92、 influence.As cyber threats escalate,a strong cybersecurity posture isnt just about protection its about building a reputation that customers and stakeholders can rely on.At a time when trust is paramount,companies that prioritise cybersecurity are better positioned to stand out as leaders in both s

93、afety and integrity.Wake-up callYour cybersecurity isnt just safeguarding data,its safeguarding your brand.In a competitive landscape,trust is everything.Strengthen your security measures now to help your organisation stand out as a leader in data integrity.Executive call-to-actionWith cybersecurity

94、 investments poised to grow,its essential for every member of the C-suite to align their strategies with the organisations most pressing risks.Executives should make investments that not only address current vulnerabilities but also build trust and resilience.CIOs,CTOs and CISOs:Translate the busine

95、ss case for data protection and cloud security investment priorities to CFOs based on the business value of key outcomes(e.g.,reducing the time to recover mission-critical data or patching a system).CFOs:Determine the business value of data protection and cloud security to gain stakeholder trust and

96、 make more informed cybersecurity investment decisions.CDOs:Collaborate with tech,security and finance executives to pinpoint the most essential data security and integrity priorities to guide the information and cloud security investment strategy.Confirming data quality and readiness is necessary t

97、o increase security investments.Cyber investment and prioritiesPwC|2025 Global Digital Trust Insights|19Cyber strategy and leadership2%Only 2%have implemented cyber resilience actions across their organisation in all areas surveyed21%Only 21%usually allocate cyber budget to the top risks of the orga

98、nisationUnder 50%of CISOs are involved to a large extent in strategic planning on cyber investmentsTo manage tomorrows threats,investments alone are not sufficient organisations should also elevate their approach to cyber strategy and leadership.From lagging resilience efforts to gaps in CISO involv

99、ement in strategic decisions,there are clear areas where strategic alignment is needed.To get there,organisations should emulate the leading cybersecurity practices of their top performing peers.They should also move beyond addressing known threats and implement an agile,secure-by-design approach to

100、 business,one that strives to build trust and lasting resilience.50%Its the CISOs job to contextualise and connect the threats that exist to the vulnerabilities within the organisation.That means educating people on the threats the enterprise is prepared to deal with and those its not ready for.With

101、 an education-forward approach,there tends to be more cooperation across the organisation.”David Bruyea,CISO at MonerisPartial implementation isnt enoughDespite mounting concern about cyber risk,most businesses are struggling to fully implement cyber resilience across core practices.A review of 12 r

102、esilience actions across people,processes and technology indicates that 42%or fewer of executives believe their organisations have fully implemented any one of those actions.More concerning,only 2%say all 12 resilience actions have been implemented across their organisation.This leaves a glaring vul

103、nerability without enterprise-wide resilience,companies remain dangerously exposed to the increasing threats that could compromise the entire operation.Here are just a few key areas that would benefit from cross-organisational attention.Establishing a resilience team(only 34%of executives say this h

104、as been implemented across the organisation)Developing a cyber recovery playbook for IT-loss scenarios(only 35%say this has been implemented across the organisation)Mapping technology dependencies(only 31%say this has been implemented across the organisation)Cyber strategy and leadershipIs your cybe

105、r strategy and leadership driving real resilience?“PwC|2025 Global Digital Trust Insights|20Cyber resilience is a key priority.Why are so many companies behind in critical areas?Many companies still lag when it comes to demonstrating leading cybersecurity practices.Only around one in five executives

106、 note they demonstrate these practices on a usual basis.Just 20%,for instance,usually anticipate future cyber risks and only 21%usually allocate cyber budget to the top risks of the organisation.This lag could be due to several factors,including a lack of strategic foresight,insufficient resources o

107、r a reactive rather than proactive approach to cybersecurity.Wake-up callLagging cyber resilience puts your organisation at risk.Take enterprise-wide action through technology,processes and people to transform your defences and prepare for the challenges ahead.Cyber strategy and leadershipPwC|2025 G

108、lobal Digital Trust Insights|21Top performers consistently and significantly outshine the restWe explored this question further to identify a group of top performing executives who“usually”demonstrate these behaviours.Theres a gap of 69 percentage points greater across all behaviours between top per

109、formers and our overall global respondents.Top performers are more likely to have higher confidence in their organisations ability to comply with regulations and have implemented key resilience actions across their organisation.Cyber strategy and leadershipWake-up callTo close the gap,organisations

110、need to shift from reactive to proactive cybersecurity strategies.This includes better risk anticipation,more strategic budget allocation and a commitment to continuous improvement.Strategic priorities:Speed,trust and stakeholder securityOver the next 12 months,more than a third of executives expect

111、 to work on reducing response times to incidents and disruptions.Other top goals include boosting confidence in leaderships ability to manage threats and enhancing the experiences of both customers and employees.These goals reflect a broader push to not only mitigate risks faster but also build trus

112、t and safeguard customers and employees.Wake-up callQuick responses arent just a goal theyre a necessity.Delayed reactions to threats can cost more than just time.They can erode trust and severely disrupt your business.Speed and confidence in leadership should be nonnegotiable priorities.PwC|2025 Gl

113、obal Digital Trust Insights|22Elevating the CISO:Aligning strategywith securityMany organisations miss critical opportunities by not fully involving their CISOs in key initiatives.Fewer than half of executives tell us that their CISOs are largely involved in strategic planning for cyber investments,

114、board reporting and overseeing tech deployments.This gap leaves organisations vulnerable to misaligned strategies and weaker security postures.Cyber strategy and leadershipWake-up callGive your CISO a seat at the table.Their insights are vital for proactively navigating cybersecurity as a core busin

115、ess enterprise risk.Involving them at the highest level helps your organisation align its approach to safeguarding critical assets and driving resilience.Executive call-to-actionStrong cybersecurity leadership demands strategic vision and alignment across the organisation.Each executive has a role i

116、n driving this alignment,from integrating the CISO into key decisions to prioritising resilience efforts.CISOs:Make the business case to the rest of the C-suite for why its imperative that CISOs be involved in strategy,planning and oversight of the cyber risk mitigation and resilience strategy.CEOs,

117、CFOs and CIOs:Participate in cyber resilience assessments and exercises to better understand gaps and approaches CISOs might face for integrating leading practices,standards and controls.Board:Stay informed on cyber risk program developments,especially related to your organisations cyber risk and th

118、reat exposure,to meet expanding oversight and governance responsibilities.PwC|2025 Global Digital Trust Insights|23About this report The 2025 Global Digital Trust Insights is a survey of 4,042 business and technology executives conducted in the May through July 2024 period.A quarter of the executive

119、s are from large companies with$5 billion or more in revenues.Respondents operate in a range of industries,including industrials and services(21%);tech,media,telecom(20%);financial services(19%);retail and consumer markets(17%);energy,utilities and resources(11%);health(7%)and government and public

120、services(4%).Respondents are based in 77 countries.The regional breakdown is Western Europe(30%),North America(25%),Asia Pacific(18%),Latin America(12%),Central and Eastern Europe(6%),Africa(5%)and the Middle East(3%).The Global Digital Trust Insights Survey had been known as the Global State of Inf

121、ormation Security Survey(GSISS).Now in its 27th year,its the longest-running annual survey on cybersecurity trends.Its also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives,not just security and technology executives.PwC Resea

122、rch,PwCs global Centre of Excellence for market research and insight,conducted this survey.PwC|2025 Global Digital Trust Insights|24Contact usSean Joyce Global Cybersecurity&Privacy Leader US Cyber,Risk&Regulatory Leader PwC US |LinkedIn 2024 PwC.All rights reserved.PwC refers to the PwC network and/or one or more of its member firms,each of which is a separate legal entity.Please see for further details.This content is for general purposes only,and should not be used as a substitute for consultation with professional advisors.2245282-2024 MJ