Companies are increasing budgeted resources to deal with cyberattacks, according to a new survey.

And executives believe there needs to be a uniformed, consistent and compulsory disclosure of cyber incidents, from which governments can learn how to collaborate and develop cyber defence techniques for the private sector.

The 2023 PwC’s Annual Global Digital Trust Insights has reported that one in four companies suffered a data breach costing them up to $20 million or more in the past three years.

The survey captures the views of senior executives on the challenges and opportunities to improve and transform cybersecurity within their organisation in the next 12-18 months.

The survey includes 3,522 respondents across 65 countries. Companies with revenues greater than $1bn make up 52 per cent of those surveyed; 25 per cent have revenues greater than $5bn.

Download PDF File

PwC DTI2023 _ Media Release _ 10_7_2022 (1).pdf

Surprisingly, their desire for mandatory reporting and government involvement appears to over ride their standard default towards corporate secrecy.

Seven out of ten said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.

One in three (34 per cent) companies surveyed in North America have suffered a data breach, with just 14 per cent of firms globally reporting that no data breaches have occurred during the period.

Despite cyberattacks continuing to cost businesses millions of dollars, fewer than 40 per cent of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas.

This includes, enabling remote and hybrid work (38 per cent say the cyber-risk is fully mitigated); accelerated cloud adoption (35 per cent); increased use of internet of things (34 per cent); increased digitisation of supply chain (32 per cent) and back office operations (31 per cent).

For operations-focused executives, supply chain security is a major concern. Nine in ten expressed concern about their organisation’s ability to withstand a cyberattack that disrupts their supply chain, with 56 per cent extremely or very concerned.

“The continued increased prevalence and severity of cyberattacks has fuelled a growing demand for cyber coverage, which appears to be far outstripping supply, offering a huge commercial opportunity for specialty insurers and reinsurers,” said Matt Britten, Insurance Partner, PwC Bermuda.

“The rapid evolution of cyber-risk does present extreme challenges to underwriting and pricing, but reinsurers risk losing relevance if the demand for cyber cover isn't met.”

He added: “During 2021 and this year, there has been an acceleration among Bermuda-based reinsurers towards speciality reinsurance with several carriers and brokers establishing dedicated cyberteams and units. This trend is expected to continue as they work to deploy more capacity to the market."

The majority of executives surveyed for the 2023 PwC’s Annual Global Digital Trust Insights said their organisations are continuing to increase their cyber budgets – 69 per cent said the budget increased in 2022 and 65 per cent plan to spend more on cyber in 2023.

Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning.

Most CEOs surveyed are planning to ramp up action to address cybersecurity in the coming year – 52 per cent said they will drive major initiatives to improve their organisation’s cyber posture.

Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39 per cent), focus on strategy and coordination with engineering/operations (37 per cent) and upskilling and hiring of cyber talent (36 per cent)

It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyberbreaches goes much further than direct financial costs, according to marketing-oriented execs surveyed.

The range of harm organisations have experienced due to a cyberbreach or data privacy incident over the past three years include loss of customers (cited by 27 per cent), loss of customer data (25 per cent) and reputational or brand damage (23 per cent).

Bruce Scott, Cyber Leader, PwC in the Caribbean, said: “According to PwC’s survey – a catastrophic cyberattack is the top scenario in 2023 resilience plans. It ranks higher than global recession, a new health crisis or inflationary environment. As cyberthreats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for the C-suite and boards.”

To improve cyber-resilience and build public trust, PwC says the survey makes it clear that a higher level of public-private collaboration is needed to address the increasingly complex cyberthreat landscape – companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents.

Anthony Zamore, Cyber director, PwC in the Caribbean, said: “The good news is cyber has progressed on many fronts as CISOs and cyber teams rise to the challenge, and other C-suite executives join forces with them.”

While progress has been made, Zamore cautions, there are three things that need to be put in place to keep pace with digital transformation and help build public trust: “a strategic risk management programme; continuity and contingency planning; clear, consistent external reporting; and, mandatory disclosure of cyber incidents is favoured.