The challenges and opportunities in cybersecurity have never been more pressing, with 2025 promising to test the resilience of organizations worldwide.
A recent study from PwC surveyed 4,042 business and technology executives across 77 countries to uncover critical gaps in cyber resilience as we head into a new year.
With participants spanning industries like financial services, healthcare, and government, the study uncovers tough truths about how prepared organizations are in a world that’s becoming more connected and tightly regulated.
Unprepared for Critical Threats
Organizations are grappling with a rapidly expanding attack surface, driven by the adoption of cloud technologies, connected devices, and AI.
Alarmingly, only 2% of surveyed executives reported full implementation of cyber resilience actions across their operations. Despite heightened awareness, businesses feel least prepared to address their most concerning threats, including cloud-related risks and third-party breaches.
A notable gap exists between security executives and other leaders regarding threat priorities.
For instance, CISOs often rank ransomware higher as a critical risk than other executives due to their operational insights, highlighting the need for stronger cross-functional alignment.
PwC: 2025 Global Digital Trust Insights
AI and Emerging Technologies: Double-Edged Sword
While GenAI offers transformative opportunities for threat detection and cyber defense, it also increases vulnerabilities.
According to the survey, 67% of executives report that GenAI has expanded their attack surface. Threat actors are leveraging the technology for large-scale phishing attacks and deepfakes, complicating defense strategies.
Interestingly, 78% of respondents increased investments in GenAI over the past year, prioritizing governance to balance its risks and benefits.
Beyond AI, the growing interconnectivity of devices and the looming potential of quantum computing further underscore the increasing complexity of cybersecurity challenges. Forward-thinking organizations are already exploring quantum-resistant technologies to future-proof their defenses.
Compliance Confidence Lags
As cyber regulations tighten globally, organizations face growing pressure to adapt. Nearly all survey participants (96%) acknowledged that regulations had spurred greater cybersecurity investment.
Yet, significant confidence gaps persist, particularly regarding AI governance and critical infrastructure compliance.
CISOs, often closest to the operational hurdles of compliance, express less optimism than CEOs about their organization’s readiness. Bridging this divide requires better communication and alignment at the executive level.
Rather than treating compliance as a checkbox exercise, the survey highlights how it can serve as an opportunity to strengthen resilience and build stakeholder trust.
Strategic Investments Build Trust
Cybersecurity is no longer just about protection, it’s a competitive differentiator. 77% of surveyed executives expect increased budgets for cybersecurity in 2025.
Data protection and cloud security rank as top investment priorities, reflecting a growing recognition of their role in maintaining customer trust and brand integrity.
However, the study revealed discrepancies in investment priorities between business and tech executives, with the former focusing on data trust and the latter emphasizing cloud security. Closing this gap requires alignment on shared goals to ensure resilience and stakeholder confidence.
PwC: 2025 Global Digital Trust Insights
A Roadmap for Leaders
PwC’s survey outlines key strategies for businesses to enhance their cyber resilience. To tackle the challenges of 2025, the findings point to three critical priorities for leaders to consider:
- Proactive Preparation: Address critical gaps in readiness for emerging threats, including AI-driven risks and third-party vulnerabilities, to safeguard operations effectively.
- Executive Collaboration: Foster stronger alignment between CISOs, CEOs, and other decision-makers to ensure cohesive strategies and a shared understanding of priorities.
- Strategic Investment: Focus resources on the areas of greatest risk, such as cloud security and data protection, while balancing immediate needs with long-term resilience.
By following this roadmap, organizations can not only enhance their defenses but also position themselves as trusted leaders in their industries.
The Wrap
As 2025 approaches, cybersecurity remains both challenging and full of opportunity. PwC’s findings highlight the critical need for holistic strategies that integrate cutting-edge technology, regulatory compliance, and executive alignment.
Organizations that embrace proactive measures, foster cross-functional collaboration, and prioritize targeted investments will be better equipped to navigate the complexities ahead.
The road to cyber resilience is not without its hurdles, but it offers significant rewards—stronger defenses, enhanced trust, and sustainable growth.