One in four companies (27%) globally has suffered a data breach that cost USD1–20 million or more in the past three years. However, despite cyberattacks continuing to cost businesses millions of dollars, globally fewer than 40% of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas. In India, the figure is slightly better with over 50% respondents believing that they have fully mitigated the risks their bold moves incurred since 2020. This includes enabling remote and hybrid work (57% say the cyber risk is fully mitigated); accelerated cloud adoption (61%); increased use of the internet of things (67%); increased digitisation of supply chains (52%) and back office operations (56%). This is according to PwC’s annual Global Digital Trust Insights – India edition.
According to the survey, organizations across the globe worry about more threats and cyber events in 2023 – 65% of surveyed business executives feel cybercriminals will significantly affect their organization in 2023 compared to 2022. In India, cloud-based pathways (59%) and the internet of things (58%) are top areas of concern, followed by mobile devices and software supply chains (54%). Globally, mobile devices are considered most unsecure (41%).
Sivarama Krishnan, Partner and APAC Cybersecurity Leader, PwC, said, ‘The digitalisation of business demands that corporates and boards invest in becoming more cyber resilient. This needs to be across the spectrum – in technology, people, processes and engineering capabilities. Our survey clearly reveals that organisations that have made cybersecurity a strategic priority have witnessed less disruption to business. Cyber resilience is not only key to survival of businesses but also a key driver of public trust.”
According to the survey, 89% of Indian business executives say their organisation’s cybersecurity team detected a significant cyberthreat to business and prevented it from affecting their operations, as against 70% globally. It also highlights that 83% Indian business executives say their organisation’s cybersecurity team has improved supply chain risk management.
The survey highlights that of all the risks affecting organizations, our India respondents consider a catastrophic cyberattack, a resurgence of COVID-19 or a new health crisis, and a new geopolitical conflict as the top three risks.
Most organizations are increasing their cyber budgets
The majority of executives surveyed say their organizations are continuing to increase their cyber budgets – 69% say that the budget increased in 2022 and 65% plan to spend more on cyber in 2023. Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning. According to the survey, a catastrophic cyberattack ranks higher than global recession or another health crisis for organizations’ resilience planning.
Concerns around cybersecurity extend to the C suite. Most CEOs surveyed are planning to ramp up action cybersecurity measures in the coming year – 52% say they will drive major initiatives to improve their organization’s cyber posture. Many CFOs surveyed are also planning to increase their cyber focus, including cyber technology solutions (39%), focus on strategy and coordination with engineering/operations (37%) and upskilling and hiring of cyber talent (36%).
It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. The range of harm organizations have experienced due to a cyber breach or data privacy incident over the past three years includes loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%)