Key findings from PwC's 2024 Global Digital Trust Insights Survey

Reviewing PwC’s 2024 Global Digital Trust Insights Survey

In their recent survey, PwC stated that this year was ripe for several major cybersecurity shifts, “each of which could be disruptive on its own.” This comes on the heels of the statement that “this is likely to be a watershed year” and the revelation that over 30% of companies still don’t maintain a basic level of cyber defense.

Previously known as the Global State of Information Security Survey (GSISS), PwC’s 2024 Global Digital Trust Insights survey is not only the longest-running annual survey on cybersecurity trends (26 years and counting) but also the only one in the industry that draws participation from senior business executives as well as the expected security and IT brass.

Let’s review some of those key disruptive shifts and what they will mean for cybersecurity.

C-suite leans into cybersecurity despite budget constraints

As the report states, “In today’s business climate, we simply can’t talk about digital transformation or reinvention without mentioning cybersecurity in the same breath.” It seems non-technical executives are noticing this and seeing cybersecurity as intrinsic to their business goals, especially in today’s world where “every company is a technology company,” no matter what service it provides.

Stats from the report indicate that heavy financial blows dealt by cyberattacks may have contributed to that change of heart. Last year, 27% of respondents indicated having experienced a breach costing over 1 million dollars; this year, the figure shot up to 36%, an increase of nearly ten percent in just twelve months.

The hardest hit industries are as follows, followed by the percentage that experienced a breach costing more than $1 million:

  • Healthcare 47%
  • Tech, Media, & Telecomm 43%
  • Financial Services 38%
  • Energy, Utilities, & Resources 33%
  • Retail and Consumer 28%

As cyberattacks continue to hit targets outside of technology (and hit hard), executives are waking up to the reality that no line of business can afford to ignore cyber protection. According to PwC research, 40% of CEOs now think their companies may no longer be solvent if they continue their current path for the next decade. The good news is that many are doing something about it.

Two years ago, CEOs were concerned that bad actors were slipping through holes in their overly complex environments. It seemed that having a high number of underutilized security tools was backfiring. This year, 44% are using a simplified, integrated suite of solutions, and nearly as many (39%) plan to do so within the next few years. While this does create another security line item at a time when cybersecurity budgets are being slashed, it seems rising rates and costs of cyber incidents are enough to make the sacrifice worthwhile for the C-suite. For 49% of business leaders, modernizing existing cyber infrastructure is a top priority for the coming year – budget cuts or not. And that goes for optimizing cloud protection, as well. Cloud security is the top threat for 47% of respondents and the number one cybersecurity investment for one-third (33%).

Generative AI brings new threats – and new ways to beat them

Perhaps there is another reason executives are so inclined to lean forward on cybersecurity initiatives despite growing macroeconomic uncertainty. Generative AI technologies are promising to close the gap between security goals and outcomes for smaller, less-resourced teams. In this year’s survey, nearly seven in ten declared their intent to use GenAI for cyber defense.

Nearly half (47%) are already using it for cyber risk detection and mitigation, and more than one-fifth (21%) reported seeing positive results in their security programs after using it during the few months it had been on the market. While it may be too soon to tell the long-term consequences of intimately introducing the new technology into an environment, GenAI is being stretched to provide cybersecurity value in the following areas as quickly as possible:

  1. Threat detection and analysis | Identifying patterns and anomalies at rapid speed and quickly identifying problems, assessing the scope, and autonomously trying solutions.
  2. Cyber risk and incident reporting | Simplifying the process with Natural Language Processing (NLP) to translate dense technical reporting into palatable language anyone can understand.
  3. Adaptive controls | Machine Learning (ML)-based technologies could recommend to-the-minute best practices and policies as cloud environments and software supply chains evolve.

Now that artificial intelligence is being used to the full extent of its capabilities, the only question remaining for decision-makers is how it will be used responsibly. The answer comes in the form of rules and regulations.

A new (and mandated) era of cybersecurity openness?

We got a taste of the legislative wave when data privacy policies started cropping up eight years ago, and we are still very much in the middle of it. However, the release of GenAI (and all its capabilities) prompted a second tidal-sized wave that is hitting as we speak. This adds to the general torrent of legal regulations that the industry can expect – and is hoping for – as the year progresses.

When asked which type of legislation would be most crucial to securing the future growth of their organizations, leaders answered:

  • Regulation of artificial intelligence – 37%
  • Harmonized cyber and data protection laws – 36%
  • Mandatory reporting of cyber risk, management, strategy, and governance – 35%
  • Harmonized privacy rights and/or protection – 32%

In addition to other concerns such as mandatory regulations for operational resilience (32%), mandatory reporting of incidents in financial disclosures (26%), and shifting the liability for cyber failures to specific companies (25%). No one likes to fill out another report. Still, in the face of so many potential compliance issues, privacy debacles, and supply chain security failings, it seems everyone wants as much legal protection as possible.

Conclusion

In wrapping up this article reviewing PwC’s 2024 Global Digital Trust Insights Survey, there is a line from the report that stands out to me. As the report sums up, “It’s no longer business-as-usual” at your organization. Tectonic trends in budgets, technology, and legislation are creating undercurrents of change that demand action, and business leaders and security executives alike are responding. This year will be a proving ground to see who delivers on their promises: AI to secure better and faster than we’ve ever seen, lawmakers to come down hard on privacy and data loose ends, or C-suite executives to put their best-laid cybersecurity plans into action.

If you enjoyed this blog post reviewing PwC’s 2024 Global Digital Trust Insights Survey, you can find many more informative articles in our back catalog here.

Scroll to top