99% of organisations will increase their cyber budgets, out of which 50% envisaged an increase between 6% and 15% in the next 12 months: PwC's 2024 Digital Trust Insights

New Delhi, 10 November, 2023: With much at stake – financial losses, business continuity and reputation – cybersecurity is now the cornerstone of trust. Newer regulations around cybersecurity and data privacy like the Digital Personal Data Protection Act, 2023, have added to the strategic importance of enhanced cyber investments for organisations. More than half the business decision-makers are most concerned about cloud security-related threats and almost half of them are concerned that the outcome of a cyber attack could result in loss of customer data and revenue, reveals PwC India’s 2024 Digital Trust Insights.

The report sheds light on the evolving landscape of cybersecurity, and is based on a comprehensive survey of 3,876 business, technology, and security executives across the globe with 136 participants from India. As per the report, 90% of organisations feel gen AI will help them add new lines of business over the next 12 months, which reveals a significant trend - the widespread adoption of Generative AI (GenAI) for cyber defence. With the impact and risks around generative AI on the minds of most of the business leaders, 91% of organisations feel employees' personal use of generative AI will lead to tangible increases in their productivity within the next 12 months. On the other hand, 73% felt it will lead to  catastrophic cyber attacks in the next 12 months. 

Sivarama Krishnan, Partner & Leader, Risk Consulting, PwC India & Leader of APAC Cyber Security & Privacy said “Our survey highlights that nearly 70% of organisations are actively planning to leverage Gen AI in their cybersecurity strategies, underlining the critical need for proactive and effective defence measures. Gen AI tools have emerged as invaluable assets, as they excel at identifying vulnerabilities, analysing threats, and enhancing incident response capabilities. Furthermore, with cyber investments expected to rise and cloud security emerging as a top concern, the insights also underscore the imperative of prioritising cybersecurity within organisational strategies.”

The report also reveals that in 2024 cyber investments are expected to increase to 14%, up from 11% in 2023, highlighting the growing importance of cybersecurity in organisations' overall strategies. The report also acknowledges the complexity of IT architectures as a challenge. While organisations invest in cybersecurity tools, it emphasises the need to simplify IT infrastructure to adequately protect it.

Reiterating on cyber investments, Sundareshwar Krishnamurthy, Partner and Leader – Cybersecurity, PwC India, said, “With breach costs escalating across the globe, the need for increased cyber investments has heightened. Most of the investments made by organisations are towards technology modernisation and in that context, simplification and unification of the cyber technology stack are widely being adopted. For organisations in India, state-level and sectoral regulations continue to steer systemic changes in cybersecurity and the adoption of principle-based ones seems to be more successful. But irrespective of compliance requirements, businesses are investing in building an all- encompassing cyber resilience programme”.

It is interesting to note that cloud security has emerged as an area of concern with 47% of respondents considering it the top cyber risk. The report stressed on the importance of implementing controls across various aspects of cloud usage, including identity and access management, lateral movement, email security, and more. Additionally, the report also sheds light on the evolving regulatory landscape. Respondents acknowledge that regulatory requirements can provide a competitive advantage. Among the regulatory concerns, the regulation of AI (37%), harmonisation of cyber and data protection laws (36%), and mandatory reporting of cyber risk management (35%) are deemed most critical.

PwC's report also highlights the importance of embracing innovation, automation, and managed services in cybersecurity. These technologies not only provide round-the-clock monitoring but also free up cybersecurity teams to focus on creative thinking and proactive threat mitigation. While cybersecurity tops the risk register, the report calls for a more significant presence of cybersecurity discussions in the boardroom, emphasising that security underpins every aspect of an organisation, including finance, development, technology, and personnel.

The report also provides a comprehensive overview of the challenges and opportunities organisations face in the realm of cybersecurity, making it a valuable resource for decision-makers navigating the complex and dynamic world of digital trust. The report brings to light how cyber transformation is an integral part of business transformation today. It is seen to be encouraging CEOs and CISOs to work collaboratively to protect financial records, proprietary research, and customer data while safeguarding the brand and spurring innovation. “Organisations will need to think about their talent acquisition and retention strategies when it comes to keeping the workforce engaged and informed. Business leaders we surveyed consider upskilling the current workforce, rebalancing between in-house and outsourced or managed services and identifying the right candidates for openings as the three biggest priorities of their cyber talent strategy,” added Krishnan.

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 327,000 people who are committed to delivering quality in Assurance, Advisory and Tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

© 2023 PwC. All rights reserved.