One in four companies globally have suffered a data breach that cost them between $1- 20 million or more in the past three years, according to PwC’s annual Global Digital Trust Insights Survey.
According to the survey, which ranked more than 3,500 senior executives across 65 countries, the percentage rises to one in three, which is about 34 per cent for companies surveyed in North America, with only 14 per cent of firms globally reporting that no data breaches have occurred during the period.
Despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40 per cent of executives surveyed said they have fully mitigated cybersecurity risk exposure in a number of critical areas. This includes, enabling remote and hybrid work which 38 per cent said the cyber risk is fully mitigated; accelerated cloud adoption, which is35 per cent; increased use of internet of things (34 per cent); increased digitisation of supply chain (32 per cent) and back office operations (31per cent).
For operations-focused executives surveyed, cybersecurity of the supply chain is a major concern. Nine in ten expressed concern about their organisation’sability to withstand a cyber attack that disrupts their supply chain, with 56 per cent extremely or very concerned.
The survey report said four in five organizations, about 79 per cent surveyed, stated that a comparable and consistent format for mandatory disclosure of cyber incidents was necessary to gain stakeholder confidence and trust. Three-quarters (76 per cent) agreed that increased reporting to investors would be a net benefit to the organisation and entire ecosystem. Further, the same percentage agreed that governments should be expected to use the knowledge base from mandatory cyber attack disclosures to develop cyber defence techniques for the private sector.
While there is a clear preference for mandatory disclosure of cyber incidents, fewer than half about 42 per cent of executives surveyed are fully confident their organisation can provide required information about a material/significant incident within the specified reporting period.
There is also a hesitance to share too much information, as 70 per cent said greater public information sharing and transparency poses a risk and could lead to a loss of competitive advantage.
Analysing the report, Risk Assurance Services Leader, PwC Nigeria, Femi Osinubi, said: “Data breaches are a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and boards. Companies are strengthening their cyber defenses and regulators are applying pressure to improve cyber resilience and build public trust. It’s clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape – companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents.”
Addressing organisation’s increasing cyber budgets, the report said the majority of executives surveyed said their organisations have continued to increase their cyber budgets, as 69 per cent said the budget increased in 2022, while 65 per cent said they plan to spend more on cyber in 2023. Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning. According to the survey, a catastrophic cyber attack ranks higher than global recession or another health crisis for organisations’ resilience planning.