• One in three Indian organisations suffered data breaches costing USD 1 million or more in the last three years
• 55% of executives flag cloud threats as top risk, 50% feel unprepared to tackle these
• 87% of organisations boosted investments in GEN AI for cyber defence strategies,
• 42% of Indian business leaders are prioritising data protection and remediation
New Delhi, 21 November 2024: Indian executives rank cybersecurity as their top risk mitigation priority (61%), followed by digital and technology risks (60%), inflation (48%), and environmental risks (30%) for the next 12-months, as per findings from PwC’s 2025 Digital Trust Insights – India Highlights.
The report revealed that 93% of respondents anticipate an increase in their cybersecurity budgets next year, with 17% planning to raise their budgets by 15% or more—an increase of 1% from last year. Additionally, 42% of Indian business leaders are prioritising data protection and remediation in the aftermath of recent cyber breaches as their main cyber investment for the coming year.
Sivarama Krishnan, Partner and Leader, Partner & Leader, Risk Consulting, PwC India & Leader of APAC Cyber Security & Privacy, PwC commented, “From the boardroom to operational teams, it is essential that business leaders hold each other accountable and respond to the evolving landscape of cyber threats. By embracing advanced technologies, adhering to foundational cybersecurity principles, and allocating resources effectively, organisations need to stay committed to fortifying defences and safeguarding their future.”
Cloud-related threats remain the foremost worry, cited by 55% of Indian executives as their most concerning cyber risk, marking a 3% increase from the previous year. However, 50% of security leaders and chief financial officers (CFOs) feel least prepared to address these threats in the coming year.
The report also goes on to state that all security leaders and CFOs have stated that regulations have prompted them to boost their cyber investments with 74% enhancing or strengthening their cybersecurity stance. It underscores the critical role of strategic investments and regulatory compliance in shaping a resilient cyber future for Indian businesses.
Further reinforcing the shift towards advanced technological defences, the report highlights that Gen AI is at the helm of cyber investment priorities, with 87% of organisations having boosted their investments over the last 12 months. Additionally, 86% of organisations have increased their spending on AI governance as part of their risk management strategies. Furthermore, 80% of Indian companies are highly confident in their ability to comply with AI regulations.
“Advances in emerging technologies such as artificial intelligence (AI) and the increased adoption of cloud services have significantly expanded the attack surface for enterprises. This trend underscores the necessity for a flexible, enterprise-wide resilience strategy. Organisations must align their priorities and readiness at every level to safeguard security and ensure seamless business continuity,” said Manu Dwivedi, Partner and Leader – Cybersecurity and Risk Consulting GCC, PwC India.
Sundareshwar Krishnamurthy, Partner and Leader -Cybersecurity, PwC India said, “Cyber regulations are consistently driving heightened cybersecurity spending, with every executive surveyed acknowledging that regulatory mandates have driven them to bolster their security measures. Close to three-fourths of these executives report that these regulations have tested, upgraded, or strengthened their cybersecurity stance. Compliance should be seen not as a mere tick-in-the-box exercise, but as a strategic opportunity to build long-term resilience and foster trust with stakeholders.”
Despite all efforts, the impact of cyber incidents remains substantial. The percentage of security leaders in India reporting a data breach with costs exceeding USD 20 million has decreased by 3% from last year to 8%. Additionally, 44% of leaders have experienced a data breach costing over USD 500,000 in the past three years. More than 33% of leaders indicate that most of their serious data breaches within the last three years have incurred costs of no less than USD 1 million.
Sivarama added, “Although a majority of senior leaders acknowledge the importance of quantifying cyber risk to prioritise investments, only one-fifth of organisations are adopting thorough risk quantification methodologies. This disparity highlights an overlooked opportunity that must now be addressed. Developing a dependable cyber risk quantification system is crucial for informed decision-making and prioritising strategic investments.”
The PwC India Digital Trust Insights 2025 features insights from 4,042 business, technology, and security executives across various regions, including 155 executives representing Indian businesses.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 152 countries with over 327,000 people who are committed to delivering quality in Assurance, Advisory and Tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
© 2024 PwC. All rights reserved.