According to PwC’s annual Global Digital Trust Insights Survey, which polls more than 3,500 senior executives from 65 countries, one in every four companies [27%] has experienced a data breach that cost them $1-$20 million or more in the last three years.
“The percentage rises to one in three [34%] for companies surveyed in North America, with only 14% of firms globally reporting that no data breaches occurred during the period,” a spokesperson said.
Despite the fact that cyber attacks continue to cost businesses millions of dollars, less than 40% of executives polled believe they have fully mitigated cybersecurity risk exposure in a number of critical areas. This includes enabling remote and hybrid work [38% say the cyber risk has been fully mitigated]; accelerating cloud adoption [35%]; increasing use of the internet of things [34%]; increasing digitisation of supply chain [32%] and back office operations [31%].
“Supply chain security is a major concern for the operations-focused executives polled.” “Nine out of ten respondents expressed concern about their organization’s ability to withstand a cyber attack that disrupts its supply chain, with 56% extremely or very concerned.”
“The continued rise in the frequency and severity of cyber attacks has fueled a growing demand for cyber coverage, which appears to be far outstripping supply, offering a huge commercial opportunity for specialty insurers and reinsurers,” said Matt Britten, Insurance Partner at PwC Bermuda. “Although the rapid evolution of cyber risk poses extreme challenges to underwriting and pricing, reinsurers risk losing relevance if demand for cyber cover is not met.”
“During 2021 and this year, there has been a significant acceleration among Bermuda-based reinsurers toward speciality reinsurance, with several carriers and brokers establishing dedicated cyber teams and units,” he added. This trend is expected to continue as they work to increase market capacity.”
The majority of organizations are increasing their cyber budgets.
“The majority of executives surveyed said their organizations are continuing to increase their cyber budgets – 69% said the budget increased in 2022 and 65% plan to spend more on cyber in 2023,” the spokesperson said. Increasing budgets reflect the fact that cybersecurity is at the top of the resilience planning agenda.
“Cybersecurity concerns extend all the way to the top of organizations.” The majority of CEOs polled expect to increase cybersecurity action in the coming year, with 52% planning major initiatives to improve their organization’s cyber posture. Many CFOs surveyed plan to increase their cyber focus, including cyber technology solutions [39%], strategy and coordination with engineering/operations [37%], and cyber talent upskilling and hiring [36%].
“It’s easy to see why cyber is moving up the corporate agenda. According to marketing executives polled, the cost of cyber breaches extends far beyond direct financial costs. Over the last three years, organizations have suffered a variety of consequences as a result of a cyber breach or data privacy incident, including customer loss [cited by 27%], customer data loss [25%], and reputational or brand damage [23%].”
“According to PwC’s survey – a catastrophic cyber attack is the top scenario in 2023 resilience plans,” said Bruce Scott, Cyber Leader, PwC in the Caribbean. It is more serious than a global recession, a new health crisis, or an inflationary environment. As cyber threats become more frequent and sophisticated, a comprehensive approach to cybersecurity has emerged as a top priority for the C-suite and boards.”
“It’s clear from PwC’s survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape – companies are calling for increased information sharing and transparency, as well as a consistent format for mandatory disclosure of cyber incidents,” the spokesperson said.
“The good news is that cyber has progressed on many fronts as CISOs and cyber teams rise to the challenge, and other C-suite executives join forces with them,” said Anthony Zamore, Cyber director, PwC in the Caribbean.
“While progress has been made, Zamore cautions, there are three things that need to be put in place to keep pace with digital transformation and help build public trust,” the spokesperson said.
- A program for strategic risk management
- Continuity and disaster planning
- External reporting is clear and consistent.
- Mandatory reporting of cyber incidents is preferred.
“Four out of every five organizations [79%] surveyed believe that a comparable and consistent format for mandatory disclosure of cyber incidents is required to build stakeholder confidence and trust.” Three-quarters [76%] believe that increased investor reporting will benefit the organization and the entire ecosystem. Additionally, the same percentage believes that governments should be expected to use the knowledge base derived from mandatory cyber attack disclosures to develop cyber defense techniques for the private sector.
“While there is a clear preference for mandatory disclosure of cyber incidents, less than half [42%] of executives polled are fully confident that their organization will provide required information about a material/significant incident within the specified reporting period.” There is also a reluctance to share too much information: 70% believe that greater public information sharing and transparency poses a risk and may result in a loss of competitive advantage.”