Report by pwc
New world, new rules: Cybersecurity in an era of uncertainty
Key Findings
48% of organisations that have experienced a major attack are prioritising managed services to fill critical skills deficiencies (compared to 39% overall).
Roughly half of respondents say their organisation is at best only ‘somewhat capable’ of withstanding cyber attacks targeting specific vulnerabilities.
Only 3% of organisations have implemented all leading quantum-resistant security measures surveyed.
33% of business and tech leaders ranked cloud-related threats in their top three threats they are least prepared to address.
The top three investment priorities when allocating cyber budgets are: Artificial intelligence (AI) (36%), Cloud security (34%), and Network security and zero trust (28%).
39% of business and tech leaders prioritise changes in trade and operating policies in response to the current geopolitical landscape.
AI enablement of key cyber capabilities is the #1 cyber investment priority for security leaders.
Over half (53%) of organisations are prioritising AI and machine learning tools in their top three priorities to help close capability gaps in cyber talent.
28% of business and tech leaders ranked attacks on connected products in their top three threats they are least prepared to address.
The top internal challenges to achieving post-quantum cryptography include gaps in technical expertise to adopt industry standards (37%) and gaps in dedicated quantum computing knowledge and resources (36%).
Regarding Operational Technology (OT) and Industrial Internet of Things (IIoT) systems, 47% of leaders cite a lack of qualified personnel/skillsets and resources as a top three challenge.
Cloud and connected product attacks are the top two cyber threats organisations feel least prepared to address.
Only 16% of organisations are measuring the potential financial impact of cyber risks (risk quantification) to a significant extent.
The Top 2 challenges to implementing AI for cyber defence are knowledge and skills gaps.
60% of business and tech leaders prioritise cyber risk investment in response to the current geopolitical landscape.
41% of business and tech leaders prioritise changes in critical infrastructure location in response to the current geopolitical landscape.
Only 6% of organisations have fully implemented all data risk measures surveyed across the enterprise.
AI (38%) and Cloud security (32%) are the top two areas where organisations are prioritising the use of managed services
Only 8% of security leaders include quantum readiness in their top three budget priorities for the coming year.
39% of business and tech leaders prioritise changes in cyber insurance policies in response to the current geopolitical landscape.
For companies with $5 billion or more in revenue, 41% reported a breach costing $1 million or more.
78% of business and tech leaders expect their cyber budget to increase over the coming year (a figure virtually unchanged from 77% last year).
More than a quarter of executives reported that their most damaging data breach in the past three years cost their organisation at least $1 million.
Only 24% of organisations are spending significantly more on proactive measures (e.g., monitoring, testing, controls) than reactive measures (e.g., incident response, fines, recovery)—which is considered the ideal spend ratio.
Most companies (67%) are spending roughly equal amounts on proactive and reactive cybersecurity measures.
Security leaders rank threat hunting as the #1 AI security capability they plan to bolster over the next 12 months.
The top three priority areas for deploying agentic AI solutions are cloud security (39%), data protection (39%), and cyber defence and operations (38%).
Only 6% of organisations feel confident/very capable across all vulnerabilities surveyed, given the current geopolitical landscape.
Quantum computing now ranks among the Top 4 threats that organisations feel least prepared to address.
49% of organisations have not considered or started implementing any quantum-resistant security measures.