According to the survey, a catastrophic cyberattack ranks higher than global recession or another health crisis for organizations’ resilience planning
One in four companies (27 per cent) globally has suffered a data breach that cost USD1–20 million or more in the past three years. However, despite cyberattacks continuing to cost businesses millions of dollars, globally fewer than 40 per cent of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas. In India, the figure is slightly better with over 50 per cent respondents believing that they have fully mitigated the risks their bold moves incurred since 2020. This includes enabling remote and hybrid work (57 per cent say the cyber risk is fully mitigated); accelerated cloud adoption (61 per cent); increased use of the internet of things (67 per cent); increased digitisation of supply chains (52 per cent) and back office operations (56 per cent). This is according to PwC’s annual Global Digital Trust Insights – India edition.
According to the survey, organizations across the globe worry about more threats and cyber events in 2023 – 65% of surveyed business executives feel cybercriminals will significantly affect their organization in 2023 compared to 2022. In India, cloud-based pathways (59 per cent) and the internet of things (58 per cent) are top areas of concern, followed by mobile devices and software supply chains (54 per cent). Globally, mobile devices are considered most unsecure (41per cent).
Sivarama Krishnan, Partner and APAC Cybersecurity Leader, PwC, said, ‘The digitalisation of business demands that corporates and boards invest in becoming more cyber resilient. This needs to be across the spectrum – in technology, people, processes and engineering capabilities. Our survey clearly reveals that organisations that have made cybersecurity a strategic priority have witnessed less disruption to business. Cyber resilience is not only key to survival of businesses but also a key driver of public trust.”
According to the survey, 89% of Indian business executives say their organisation’s cybersecurity team detected a significant cyberthreat to business and prevented it from affecting their operations, as against 70% globally. It also highlights that 83% Indian business executives say their organisation’s cybersecurity team has improved supply chain risk management. The survey highlights that of all the risks affecting organizations, our India respondents consider a catastrophic cyberattack, a resurgence of COVID-19 or a new health crisis, and a new geopolitical conflict as the top three risks.
The majority of executives surveyed say their organizations are continuing to increase their cyber budgets – 69 per cent say that the budget increased in 2022 and 65 per cent plan to spend more on cyber in 2023. Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning. According to the survey, a catastrophic cyberattack ranks higher than global recession or another health crisis for organizations’ resilience planning.
Concerns around cybersecurity extend to the C suite. Most CEOs surveyed are planning to ramp up action cybersecurity measures in the coming year – 52 per cent say they will drive major initiatives to improve their organization’s cyber posture. Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39 per cent), focus on strategy and coordination with engineering/operations (37 per cent) and upskilling and hiring of cyber talent (36 per cent).
It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organizations have experienced due to a cyber breach or data privacy incident over the past three years includes loss of customers (cited by 27%), loss of customer data (25 per cent) and reputational or brand damage (23 per cent)