2025年全球数字信任洞察报告（英文版）-普华永道

Bridgingthegaps

tocyberresilience:TheC-suiteplaybook

Findingsfromthe2025GlobalDigitalTrustInsights

DigitalTrustInsights2

Findingsfromthe2025GlobalDigitalTrustInsights

2%50%13%

Only2%haveimplementedcyberresilienceactionsacrosstheir

organisationinallareassurveyed

Under50%ofCISOsareinvolvedtoalargeextentinkeybusinessactivities

pointgapinconfidencebetweenCISO/CSOsandCEOsregardingcompliancewithAIandresilienceregulations

Withtheattacksurfacecontinuingtoexpandthrough

advancesinAI,connecteddevicesandcloudtechnologiesandtheregulatoryenvironmentinconstantflux,achievingcyberresilienceatanenterpriseleveliscritical.

Yetdespitewidespreadawarenessofthechallenges,

significantgapspersist.Tosafeguardtheirorganisations,executivesshouldtreatcybersecurityasastandingitemonthebusinessagenda,embeddingitintoeverystrategicdecisionanddemandingC-suitecollaboration.

PwC’s2025GlobalDigitalTrustInsightssurveyof4,042businessandtechexecutivesfromacross77countriesrevealedsignificantgapscompaniesmustbridgebeforeachievingcyberresilience.

Gapsinimplementationofcyberresilience:

Despiteheightenedconcernsaboutcyberrisk,only2%oftheexecutivessaytheircompanyhasimplementedcyberresilienceactions

acrosstheirorganisationinallareassurveyed.

Gapsinpreparedness:Organisationsfeelleastpreparedtoaddressthecyberthreatstheyfindmostconcerning,suchascloud-relatedrisksandthird-partybreaches.

GapsinCISOinvolvement:FewerthanhalfoftheexecutivessaytheirCISOsareinvolvedtoalargeextentinstrategicplanning,boardreportingandoverseeingtechdeployments.

Gapsinregulatorycomplianceconfidence:

CEOsandCISO/CSOshavedifferinglevelsofconfidenceintheircompany’sabilitytocomplywithregulations,particularlyregardingAI,

resilienceandcriticalinfrastructure.

Gapsinmeasuringcyberrisk:Although

executivesacknowledgetheimportanceof

measuringcyberrisk,fewerthanhalfdoso

effectively,withonly15%measuringthefinancialimpactofcyberriskstoasignificantextent.

AllofthispointstotheneedforbetterC-suitecollaborationandstrategicinvestmenttostrengthencyberresilience.Byaddressingthesegapsandmakingcybersecurityabusinesspriority,executivescanbridgetoamoresecurefuture.

CISOscanhelpdrivethisoutcomebysharingtech-enabledinsightsandbyexplainingcyberprioritiesinbusinessterms(cost,opportunity,risk).

Table

4...............

7...............

10.............

13.............

16.............

19.............

ofcontents

Navigatingcyberthreats:Establishingasharedvisionforpreparedness

GenAIandemergingtech:Balancingopportunityandrisk

Ahighlyregulatedcyberworld:Arecompaniesreallyready?

Unlockingthepotentialofcyberriskquantification:What’sholding

organisationsback?

Investinginresilience,buildingtrust

Isyourcyberstrategyandleadershipdrivingrealresilience?

PwC|2025GlobalDigitalTrustInsights|3

Threatoutlookandemergingrisks

Navigatingcyberthreats:

Establishingasharedvisionforpreparedness

66%42%Top2

oftechexecutivesrankcyberasthehighestriskformitigation,comparedto48%ofbusinessexecutives

ofexecutivesrankcloud-relatedthreatsastheirmostconcerningcyberthreat

Cloudandconnectedproductattacksarewhatsecurityexecutivesfeelleastpreparedtoaddress

Whilethecybersecuritylandscapecontinuestoevolve,

organisationsarestrugglingwithincreasinglyvolatile

andunpredictablethreats.Anexpandingattacksurface

—spurredbygrowingrelianceoncloud,AI,connected

devicesandthirdparties—demandsanagile,enterprise-wideapproachtoresilience.Aligningorganisational

prioritiesandreadinessisessentialformaintainingsecurityandbusinesscontinuity.

Unpreparedforthemostconcerningthreats

Whatworriesorganisationsmostiswhatthey’releast

preparedfor.Thetopfourcyberthreatsfoundmost

concerning—cloud-relatedthreats,hack-and-leak

operations,third-partybreachesandattacksonconnected

products—arethesameonessecurityexecutivesfeelleastpreparedtoaddress.Thisgaphighlightstheurgentneedforbetterinvestmentsandstrongerresponsecapabilities.

Additionally,aperceptiongapexistsbetweensecurity

executivesandtherestoftheorganisation,withCISOs

andCSOsmorelikelytorankransomwareamongtheirtopthreemostconcerningthreats.Thismayreflecttheirrole,asransomwareismorecentraltocyber/ITdutiesandthoseinthatfunctionlikelyunderstandthevulnerabilitiesbetterthantheirbusinesspeers.Thisfurtherreinforcestheimportanceofbetterinformation-sharingacrossleadershipteamsto

createalignmentonpriorities.

cyberthreatconcernVspreparedness(showing%ranked1-3)

CISO/CSOleadersaremorelikelyto

rankransomwareintheirtopthreemostconcerningcyber

cloud-relatedthreats

Hack-and-

leak

operations

Third-partybreach

Ransomware

Attackson

connected

products

Mostconcerningcyberthreats

cyberthreatsleastpreparedtoaddress

Ascomparedto27%globally

Q2.overthenext12months,whichofthefollowingcyberthreatsisyourorganisationmostconcernedabout(e.g.,risktoyourbrand,lossofbusinessorbusinessdisruption,

compliance)?(Rankedintopthree)Base:Arespondents=4042

Q3.overthenext12months,whichofthecyberthreatsdoyouthinkyourorganisationisleastpreparedtoaddress?(Rankedintopthree)Base:securityleadersandCFO

respondents=1951

source:Pwc2025GlobalDigitalTrustInsights

Wake-upcall

Athreat-informedcyberinvestmentstrategyis

essential.Prioritiseinvestmentsinthemostpressingcyberrisksandtakeacloserlookatwhereresourcesarebeingappliedintermsofpeople,processand

defencecapabilities.

ThreatoutlookandemergingrisksPwC

|2025GlobalDigitalTrustInsights|

4

PwC|2025GlobalDigitalTrustInsights|5

Thestrategicdivide:Businessandtechpriorities

Businessexecutivesandtechexecutivesprioritisedifferentrisks.Whilebusinessexecutivesaremoreconcernedwithinflation,techexecutivesrankcyberrisksastheirtop

priority—likelyduetotheirproximitytothecyberthreatlandscape.Evenso,nearlyhalfofbusinessexecutives

stillrankcyberrisksamongtheirtopthreeconcerns,

underscoringitscriticalimportance.ThissharedconcernrepresentsanopportunityforCISOstoconnectthecyberagendatothebusinessagenda.

RiskmitigationprioritiesforbusinessVstechleaders

(showing%ranked1-3)Inflation

Digitalandtechnologyrisks

cyberrisks

48%

Techleaders

Businessleaders

Q1.whichofthefollowingrisksisyourorganisationprioritisingformitigationoverthenext12months?(Rankedintopthree)Base:Allrespondents=4042

source:Pwc2025GlobalDigitalTrustInsights

Wake-upcall

Businessandtechexecutives—it’stimetogetaligned.

Balanceprioritisationofcyberriskswitheconomicpressurestohelpsafeguardassetsandcreate

resilience.Regularcross-functionalassessmentswillkeepyourstrategyandprioritiesinsync.

Threatoutlookandemergingrisks

Globalaveragedatabreachcostexceeds$3million

Overaquarterofexecutivestellustheirmostdamaging

databreachinthepastthreeyearscosttheirorganisationatleast$1million.Thisissomewhatlowerthanlastyear’ssurveyacrossorganisationsofallsizesandinmostregionsandsectors.Overall,theaveragedatabreachisestimatedat$3.32million.

Topperformers—identifiedasthosewhorespondedthattheirorganisationismorelikelytodemonstratehighqualitycybersecuritypracticesonausualbasis—werelesslikelytoexperienceanydatabreachesinthepastthreeyears.

Thesetopperformersaretypicallyfromlarger,high-growthorganisationswithcyberbudgetsexpectedtoincrease

by15%ormorenextyear,indicatingthatcyberprogrammaturityandfundingcorrelatetobetterresilience.

“

Don’tstopshortonyourjourneyforcybersecurityandresilience.Criminalsandnation-state

actorsarebecomingexpertat

findingunprotectedseams:weakidentityandaccesscontrols,

unpatcheddevicesandsecuritymisconfigurations.”

RobJoyce,Cyber,Risk&RegulatorySeniorFellow,PwCUS,formerSpecialAssistanttothePresident&ActingHomelandSecurityAdvisor

PwC|2025GlobalTrustInsights|

Wake-upcall

Prioritiseholisticriskmitigationstrategiesthat

encompassprevention,detection,responseand

recovery.Understandthebroaderimpactsofabreach—beyondfinancialharm—tobuildtrueresilience.

Executivecall-to-action

Asorganisationsfaceamoresophisticatedthreatlandscape,it’simportantfor

executivesacrosstheC-suite

totakea

proactiveroleinassessingbothcurrentandemergingrisks.Byaligningcybersecuritystrategieswithbroaderbusinessobjectives,executivescanbetterpreparetheirorganisationstomanageriskandbuildresilience.

CISOs:UnderscoretotherestoftheC-suitethe

threatsthatjeopardiseyourbusinessmost,especiallyifinvestmenteffortsneedtobeshifted.

CIOsandchieftechnologyofficers(CTOs):Basedonconversationswiththeriskexecutives,gauge

howcertainthreatscandamageinformationand

infrastructuresecurityatlargeandwhichthreatsposethebiggestbarrierstoresilience.

CFOs:GaindeeperinsightfromtheCISOand

CROonthemostcriticalcybermanagementandinvestmentpriorities.

CEOs:MeetregularlywiththeCROandCISOto

understandthethreatvectorsthey’remostconcernedabout.Makesureyou’rereceivingregularreportingoncurrentthreatmitigationefforts.

Board:Understandthetopcyberriskstothe

organisationandaskthetoughquestionsof

management.Howarerisksbeingmitigated?Dowe

haveadequateplansandfundinginplacetoproactivelyaddressrisksandrespondshouldaneventoccur?

Threatoutlookandemergingrisks

EmergingtechnologiesandGenAI

GenAIandemergingtech:

Balancingopportunityandrisk

67%78%72%

ofsecurityexecutivessaythatGenAIhasincreasedtheirattacksurface

overthelastyear

haveincreasedtheirinvestmentinGenAIoverthelast12months

haveincreasedtheirriskmanagementinvestmentinAIgovernance

WhiletherapidadvancementofgenerativeAI(GenAI)is

usheringinnewopportunitiesacrossindustries,italso

presentscybersecurityrisks.AsorganisationsadoptGenAIandotheremergingtechnologies,theC-suiteshould

navigatemorecomplexandunpredictableattackvectors,integrationobstaclesandthedual-edgednatureofGenAIin

bothcyberdefenceandoffence.UnderlyingthesechallengesaresignificantdataandlegalissuesthatcancomplicatethedeploymentandgovernanceofGenAI.

“

Cybersecurityispredominantlyadatascienceproblem.It’s

becomingimperativeforcyberdefenderstoleveragethepowerofgenerativeAIandmachine

learningtogetclosertothedatatodrivetimelyandactionable

insightsthatmatterthemost.”

MikeElmore,GlobalCISO,GSK

Anevolvingattacksurface

SecurityexecutivesreportthatGenAI(67%)andcloud

technologies(66%)haveexpandedthecyberattacksurfaceoverthepastyear,makingcompaniesmorevulnerableto

sophisticatedthreats.GenAIcanalsoreducebarriersto

entryforlesssophisticatedthreatactors,enablingthemtocrafteffectivephishingattacksanddeepfakesatscale.Thisalignswiththefindingsofour

27thCEOSurvey

,in

which64%ofCEOsgloballyagreedthatGenAIislikelytoincreasecybersecurityriskintheirorganisation.UseofGenAIalsoraisesconcernsaboutdataintegrity,privacyandcomplianceascompaniesdealwithregulatory

obligationsthatarestillevolving.

Alsoexpandingtheattacksurfaceareothertechnologies

suchasconnecteddevicesandoperationaltechnology(OT),whichwillaffectindustriessuchasmanufacturing,healthcareandenergy.Asmoredevicesbecomeinterconnected,

securingthesesystemsbecomesharder.Inaddition,whilequantumcomputingisstillonthehorizon,42%percentofsecurityexecutivesreportthatithasalreadycausedthemtoaddressvulnerabilities.

Technologiesaffectingthecyberattacksurface*

*showingcombinedpercentagewhoselected'increasesignificantly'or'increaseslightly'

Q4.TowhatextenthavethefollowingtechnologiesaffectedthecyberattacksurfaceinyourTenvironmentoverthelast12months?Base:securityleaders=1762

source:Pwc2025GlobalDigitalTrustInsights

Wake-upcall

Continuousassessmentofnewvulnerabilities,

investmentinadvancedsecuritymeasuresand

fosteringclosercollaborationbetweentechnology,security,riskandlegalteamsareparamount.Bystayingpreparedforthesethreats,companies

canbettersafeguardcriticalassetsandmaintainstakeholdertrust.

EmergingtechnologiesandGenAIPwC|2025GlobalDigitalTrustInsights|7

LeveragingGenAIforcyberdefence:Opportunitiesandchallenges

AlthoughGenAIisincreasingthecyberriskattacksurfaceformostorganisations,executivesarealsousingthatsametechnologyforcyberdefence.Thetopthreewaysthey’releveragingGenAIincludethreatdetectionandresponse,

threatintelligenceandmalware/phishingdetection.

However,despitetheseopportunities,organisationsface

severalobstacleswhenincorporatingGenAIintotheircyberdefencestrategies.

Difficultyincorporatingwithexistingsystems/processes(39%)

LackoftrustinGenAIbyinternalstakeholders(39%)

Inadequateinternalcontrolsandriskmanagement

(38%)

Lackofstandardisedinternalpoliciesgoverningitsuse(37%)

Wake-upcall

GenAIcantransformyourcyberdefences,butonlyifyouovercomethechallengestointegrate,trustand

governiteffectively,applying

ResponsibleAI

practices.Otherwise,youriskfallingbehindinthearmsrace

againstthreatactors.

GenAIleadsincyberinvestmentpriorities

Recognisingtheincreasedcyberrisks,78%ofexecutives

haverampeduptheircyberinvestmentinGenAI,

particularlyfocusingongovernance.ThisinvestmentinGenAIunderscorestheimportanceofmanagingbothitscapabilitiesandrisks.

Companiesarealsobeginningto

investinquantum

preparedness.

Althoughadoptionremainsyearsaway,

there’salreadyagrowingimperativetopursuequantum-

resistanttechnologiesandpost-quantumsecuritymeasurestocombatfuturethreatsposedbythistechnologyinthe

wronghands.

EmergingtechnologiesandGenAI

Wake-upcall

InvestinginGenAIisjustthestart.Movetheneedlemorebyexploringtheuntappedpotentialofother

technologies,includingquantum-resistantsolutions,tohelpyourdefencesoutpaceevolvingthreats.

Executivecall-to-action

Asemergingtechnologiesreshapethecybersecurity

landscape,it’scriticalforexecutivesacrosstheC-suiteto

takeanactiveroleinguidingtheirorganisationsthroughboththeopportunitiesandriskstheseinnovationspresent.

CISOs:Helptodrivestandardisationacrossthe

technologyestatetohelpintegrateAIintocyberdefences.Enforceaccessrightsonauser-by-userbasistoidentifyprobableattackvectors.

CIOsandCTOs:DevelopanAIimpactassessmenttoeducatebusinessexecutivesonwhereinvestmentandimplementationmakesthemostsense.PrepareyourplatformsforscalabilityasGenAIusegrows.

CFOs:WorkwiththeCISOonprioritisingthesecurityandconfidentialityoffinancialdataprotection.

Chiefdataofficers(CDOs):Enhanceyourdata

governanceprotocolsandassessanydataprivacyrisksagainstprivacylawsandregulatorguidance.

Chieflegalofficers(CLOs)andgeneralcounsel(GCs):Collaboratewithotherriskandcomplianceteamstoguardagainstimpropersecondaryusesofdataandpotentiallegalexposure.

PwCGlobalDigitalTrustInsights|9

EmergingtechnologiesandGenAI

Regulatorydevelopments

Ahighlyregulatedcyberworld:Arecompaniesreallyready?

96%78%13%

reportthatcybersecurityregulations

havespurredthemtoincreasetheir

cyberinvestmentinthelast12months

believethatregulationshavehelpedtochallenge,improveorincreasetheircybersecurityposture

pointgapinconfidencebetweenCISO/CSOsandCEOsregardingcompliancewithAIandresilienceregulations

Regulatoryframeworksareaskingcompaniestoswiftly

complywithagrowingarrayofrequirements.Asurgeof

newregulations—DORA,CyberResilienceAct,AIAct,

CIRCIA,SingaporeCybersecurityAct,etc.—underscores

theurgencyfororganisationstoaligntheirpracticestotheseheightenedexpectations.Asbusinessesnavigatethese

demands,theyfaceacriticalgapinconfidencebetween

CISO/CSOsandCEOsregardingtheirabilitytoachievefullcompliance.Addressingthesechallengesisessentialto

buildingaresilientandcompliantcybersecurityposturethatcanwithstandbothregulatoryscrutinyandemergingthreats.

Cyberregulationsaredrivingpositivechange

Cyberregulationsareprovingtobeamajordriverfor

cybersecurityinvestment,with96%ofexecutives

acknowledgingthatregulatoryrequirementshavespurred

themtoenhancetheirsecuritymeasures.Moreover,78%

believethatregulationshavehelpedtochallenge,improve

orincreasetheircybersecurityposture.Thisindicatesthat,

despitethedifficultiesofcompliance,regulationsareservingtofurthermaturecybersecuritycapabilitiesacrossindustries.

Regulatorydevelopments

Impactofcybersecurityregulationsonincreasingcybersecurityinvestment

32%

37%Toa

Toalargeextent

moderateextent

14%

13%

Toalimitedextent

3%

Notatall

Toasignificantextent

1%unsure/Notapplicable

Q16.Towhatextent,ifatall,havecybersecurityregulationsincreasedyourorganisation'Scybersecurityinvestmentoverthelast12months?Base:securityleadersandCFO

respondents=1951

source:Pwc2025GlobalDigitalTrustInsights

Helpfulimpactonorganisations

cybersecurityregulationshelped78%oforganisations

24%20%19%15%

challenged

ourorganisationtostrengthen

currentcyberriskmanagement

program,

processesandovernance

approaches

helped

establishguardrails

fortechnologyinnovationandtransformationefforts

helpedbecomemoreresilient

bymandatinganindustry-

wideframework

ledus

toconsider

cybermanagedservicesto

address

regulatory

requirements

Q17.whichonestatement,ifany,bestreflectstheimpactofnewcybersecurityregulationsonyourorganisationoverthelast12months?Base:Allrespondents=4042

source:Pwc2025GlobalDigitalTrustInsights

Wake-upcall

Organisationsthatembraceregulatoryrequirementstendtobenefitfromstrongersecurityframeworks

andamorerobustpostureagainstemergingthreats.Complianceshouldn’tbeviewedasabox-ticking

exercisebutasanopportunitytobuildlong-termresilienceandtrustwithstakeholders.

confidenceinorganisation'sregulationcompliance

showing%highconfidenceforCEOVsCso/cso

Confidencegap:CISOsfeellesscertainthanCEOsaboutcybercompliance

Despitethebeliefthatcyberregulationsarehelpingthe

Artificialintelligence

organisation,there’sasignificantdifferencebetweenCEO

andCISO/CSOconfidenceintheirabilitytocomplywith

Resilience

theseregulations.ThebiggestgapsinvolvecompliancewithAI,resilienceandcriticalinfrastructurerequirements.CISOs,whoareonthefrontlinesofcybersecurity,arelessoptimisticthanCEOsabouttheirorganisation’sabilitytomeetthese

regulatoryrequirements.

criticalinfrastructure

BecauseCISOsaremoreattunedtotheday-to-day

operationaldifficulties,resourceconstraintsandpotentialvulnerabilitiesthatcanhindercybercompliance,it’svital

thattheymoreeffectivelycommunicatetheserisksto

Dataprotection

theleadershipteam.What’spreventingthem?Potential

obstaclesincludebarrierstoCISOparticipationinstrategicdecisionsandaninabilitytojustifytheamountofcyberriskinvestmentneeded.

cyberdisclosure

consumerprivacy

Networkandinformationsecurity

CEO

CSO/CSO

Globalisdenotedbyyellowbar

Q15.Howconfidentareyouinyourorganisation'sabilitytobeincompliancewiththefollowingtypesofregulationsthatmayapplytothegeographicarea(s)inwhichyourorganisationoperates?Base:Allrespondents=4042

source:Pwc2025GlobalDigitalTrustInsights

Wake-upcall

BridgingthisconfidencegaprequiresbetteralignmentandcommunicationbetweensecurityexecutivesandtheC-suite.CEOsshouldmakesurethatCISOsaren’tonlyheardbutalsohavetheresourcesandsupport

necessarytomeetregulatorydemands.CISOsneedtoprovidedata-backedinsightsandmakethebusinesscaseforelevatingcompliancetoastrategicimperative.

Regulatorydevelopments

PwC|2025GlobalDigitalTrustInsights|11

PwC2025GlobalDigitalTrust|

Executivecall-to-action

Asregulatoryrequirementscontinuetoshapethe

cybersecuritylandscape,it’sessentialthatexecutivesacrosstheC-suitestayaheadofcomplianceissueswhileleveragingregulationsasacatalystforinnovation.Creatingalignment

acrosssecurityteams,riskfunctionsandexecutive

leadershipiscrucialformaintainingcompliancereadinessanddrivingstrategicimprovements.

CISOsandCROs:Deliverfrequentreportingtootherexecutiveleadersonthestateofregulationsthat

directlyimpactrespectiveindustryorterritoryneeds,andworktowardsimplementingtechnologyand

regulatorychangemanagementprocesses.

CFOs:Verifytheaccuracy,completenessand

defensibilityofallregulatorydisclosuresofcyberriskmanagementandprogramposture.Developaclear

understandingofmaterialityandthespecificimpactofacyberincident,incorporatingcyberriskquantificationtoaccuratelyassessandcommunicatepotentialrisks.

CEOs:Understandoversightresponsibilitiesto

guidecomplianceefforts,includinganynecessary

coordinationbetweendifferentbusinessunits.IdentifykeyquestionstoaskCISOstocloseanyknowledgegapsoncomplianceposture.

Chiefcomplianceofficers:Stayabreastof

regulatorycompliancerequirementsandcollaboratewiththeCISOandCROtoincorporateproactive

compliancemeasuresandmonitoringtoperiodicallyconfirmcompliance.

CLOsandGCs:Determinetherightamountofdisclosuredetailsneededtofulfilcyberprogramreportingobligations,strikingabalancebetweentransparencyandconfidentiality.

Board:Stayabreastofemergingregulatory

requirementsandseekinputfrommanagementon

proactivemeasuresbeingtakentopreparefornew

requirements.Understandmanagement’sapproachtoassessinganddisclosingcyberincidents.

Regulatorydevelopments

Cyberriskquantification

Unlockingthepotentialofcyberriskquantification:What’s

holdingorganisationsback?

15%87%44%

Only15%aremeasuringthe

financialimpactofcyberriskstoasignificantextent

sayallocatingresourcestoareasofhighestriskisofhighimportance

saydataissuesareatopchallengefacedwhenquantifyingthefinancialimpactofcyberrisk

Ascyberthreatsrapidlyevolveinscopeand

sophistication,cyberriskquantificationhasbecomeacriticaltoolthatorganisationscan’taffordtooverlook.

Butdespiteitswidelyacknowledgedbenefits,several

challenges(dataqualityissues,outputreliability,etc.)haveimpededbroaderadoption.

Measuringcyberriskiscriticalbutlimited

Whileexecutiveslargelyagreethatmeasuringcyberrisk

iscrucialforprioritisingcyberriskinvestments(88%)and

allocatingresourcestoareasofhighestrisk(87%),only15%oforganisationsareactuallydoingittoasignificantextent

(e.g.,extensivecyberriskquantificationwithautomationandextensivereporting).

Fortheorganisationsthatdomeasurerisk,sevenin10

executivesindicatetheyusesecuritypostureassessmentstoquantifyresidualriskbyconsideringtheeffectivenessofkeycontrolssuchascompliancewithvulnerabilityremediation,useraccessreviewsandtrainingcompletion.Theadoptionofmoreholisticcyberriskquantificationpractices,however,remainslimited.

Benefitsofquantifyingcyberrisk

88%88%87%86%84%

Tohelpprioritisecyberinvestments

Tohelpevaluateandcommunicatecyberrisksinlinewithdefinedrisktolerance

Tohelpallocateresourcestoareasofhighestrisk

Todemonstratethecyberriskmanagementprogram'svalue

Tomeasureandcomparethreatsandincidentsonanapples-to-applesbasis

Q27.pleaseindicatehowimportantorunimportantthefollowingaspectsaretoyour

organisationinquantifyingcyberrisk.Base:securityleaders,CEO,BoardMember,CFOandCROrespondentsmeasuringthepotentialfinancialimpactofcyberrisks=1899

Wake-upcall

It’stimetorealisethefullpotentialofcyberrisk

quantification.Thegapbetweenrecognitionand

implementationisamissedopportunitythatcan

nolongerbeignored.Organisationsthatdon’t

measurecyberriskorhaven’tfullydevelopedthiscapabilityareleavingcriticalintelligenceonthe

table,particularlywhenitcomestoinformingboarddecisionsandcapitalallocation.

source:Pwc2025GlobalDigitalTrustInsights

CyberriskquantificationPwC

|2025GlobalDigitalTrustInsights|

13

PwC|2025GlobalDigitalInsights|

Wake-upcall

Whatarethebarrierstowiderimplementation?

Thebarrierstocyberriskquantificationadoption—

anduse—maybestallingprogress.Organisations

can’taffordtoletthesechallengeshindercritical

decision-making.Addresstheseobstaclesheadon,

buildtrustincyberriskquantificationandfullyintegrateitintoyourstrategicprocess.

Dataissues,scopeuncertaintyandlegalconcernsrank

highonthelistofobstaclestoimplementingcyberrisk

quantification.Lackoftrustinthereliabilityofquantificationoutputsisanother.FurthercomplicatingadoptionisthegapbetweenwhatseniorexecutivesexpectandwhatCISOs

deliver,asmeasuringcyberriskrequiresalignmentbetweensecurityexecutivesandbusinessriskappetite.

challengesfacedinquantifyingfinancialimpactofcyberrisk

(showing%rank