PwC report reveals only 2% of organisations achieve firm-wide cyber resilience

A new report from PwC has uncovered alarming gaps in global cybersecurity practices among organisations. The 2025 Global Digital Trust Insights survey, which gathered insights from 4,042 business and technology executives across 77 countries, revealed that only 2% of organisations have fully implemented cyber resilience measures in all areas assessed.

Specifically the survey evaluated 12 key resilience actions related to people, processes, and technology. Fewer than 42% of executives believe their organisations have fully adopted any one of these measures. Among the most critical gaps are:

• Establishing a resilience team, with only 34% reporting implementation organization-wide
• Developing a cyber recovery playbook for IT-loss scenarios, achieved by just 35%
• Mapping technology dependencies, with only 31% completed

These findings highlight a concerning vulnerability, leaving many organisations exposed to cyber attacks that could jeopardise their entire operations.

Another critical issue raised in the report is the insufficient involvement of Chief Information Security Officers (CISOs) in essential business activities. Fewer than 50% of CISOs are significantly engaged in strategic planning for cyber investments, board reporting, or overseeing technology deployments. This lack of participation at high decision-making levels creates the risk of misaligned strategies and weaker security postures. The report advocates for granting CISOs a seat at the table to ensure cybersecurity considerations are embedded within core business strategies.

The rapid integration of new technologies is introducing additional cybersecurity challenges. According to the report, 67% of security executives indicated that the rise of generative AI has expanded their attack surface over the past year. Vulnerabilities are also increasing due to the adoption of cloud technologies and connected devices. Despite these risks, organisations continue to invest in new technologies, with 78% of executives reporting increased spending on generative AI in the last year, underscoring the tension between innovation and security.

Cybersecurity regulations are emerging as a significant catalyst for investment, with 96% of executives acknowledging that regulatory requirements have driven enhancements in their security measures. Furthermore, 78% believe that regulations have prompted improvements or challenges to their cybersecurity posture. However, the report also highlights a notable confidence gap between CISOs/CSOs and CEOs concerning compliance with AI and resilience regulations. This 13-point disparity indicates a disconnect in how different executives view their organisation’s readiness to meet regulatory demands.