Explore PwC’s Global Digital Trust Insights Survey 2025 from an Irish perspective.

Bridging the gaps to cyber resilience: the C-suite playbook

  • October 23, 2024
74% of organisations will prioritise cyber risk mitigation in 2025.

48% of Irish respondents see third-party breaches as a top threat.

67% of global security executives say GenAI increased the attack surface.

66% of Irish organisations plan to boost their cyber budget in 2025.

Findings from the 2025 Global Digital Trust Insights Survey

In today’s digital age, cybersecurity is a critical necessity for organisations worldwide. PwC’s Digital Trust Insights Survey 2025 gathers insights from over 4,000 business, technology and cybersecurity executives across 77 countries, focusing on their views on the future of technology and cybersecurity. Now in its 27th year, it’s the longest-running annual survey on cybersecurity trends and the largest in the industry. This survey uniquely includes senior business executives, not just security and technology leaders.

The latest findings from PwC’s Global Digital Trust Insights Survey 2025 underscore the importance senior executives place on cybersecurity and emerging technologies. The survey reveals how cybersecurity and resilience are being prioritised within companies. Key topics include the increasing frequency of cyber threats, the top concerns of senior executives, emerging technologies, and the evolving regulatory landscape.

Cybersecurity remains a top concern

PwC’s Digital Trust Insights Survey 2025 offers valuable insights from both Irish and global senior executives, highlighting their prioritisation of cybersecurity for the coming year. Two-thirds (66%) of Irish organisations surveyed plan to increase their cybersecurity budget for 2025, focusing on limiting the impact of cybercrime and enhancing resilience. Cybersecurity is the top risk prioritised for remediation by both Irish (74%) and global (57%) organisations, with digital and technology risks (48%) and inflation (42%) also being significant concerns.

Cyber attacks continue to be major disruptors for organisations globally, often causing significant financial, operational and reputational damage. Results from the Digital Trust Insights Survey 2025 show that over one-third (38%) of respondents experienced a data breach costing their organisation over €500,000. Globally, the estimated cost of the average data breach is US$3.3m according to the survey results. With an ever-changing threat landscape driven by emerging technologies and new ways of working, organisations must be prepared to identify and mitigate risks promptly.

Third-party breaches, ransomware, and cloud-related breaches are the top three threats concerning organisations. The survey emphasises the importance of monitoring suppliers, as third-party breaches are the number one cyber threat for Irish respondents (48%). As organisations increasingly utilise third parties for goods and services, attack groups target these relationships to access networks or sensitive data, making third-party data breaches a significant risk.

Similarly, 28% of respondents identified software supply chain compromise as a top concern. Using third-party software can expose organisations to risks such as vulnerabilities exploited by cybercriminals, leading to data breaches, unauthorised access and potential financial loss. Thorough vetting and continuous monitoring of third-party software are crucial to mitigate these risks effectively. Concerningly, nearly one-third of respondents globally (28%) identified third-party breaches as the cyber threat they are least prepared to address in the next 12 months, underscoring the need for rapid action through formalised Third-Party Risk Management (TPRM) programmes.

Cybersecurity regulations are driving best practices

Compliance with new and emerging cybersecurity regulations is crucial for organisations navigating an increasingly complex digital landscape. These stringent mandates protect sensitive information, ensure operational continuity and build trust with customers and stakeholders. Regulations such as the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive 2 (NIS2) are now coming into force, and organisations must adapt. With the rise in cyberattacks like third-party breaches and ransomware, these regulations provide frameworks for identifying vulnerabilities and implementing robust security measures. A proactive approach not only protects an organisation’s data but also its reputation and financial stability. This is evident as over one-quarter of respondents globally (26%) prioritise allocating their cybersecurity budget for 2025 to comply with regulations and directives.

These regulations also foster trust and confidence among customers and partners. In an era where data privacy is a significant concern, demonstrating compliance reassures stakeholders that the organisation is committed to protecting their information. This trust is vital for maintaining customer loyalty and building long-term business relationships. By investing in cybersecurity, organisations show a commitment to safeguarding assets and maintaining stakeholder confidence, ultimately driving business growth and a competitive edge. The Digital Trust Insights Survey 2025 indicates that senior executives view robust cybersecurity as a market advantage. Over half of Irish respondents see cybersecurity as crucial for customer trust (57%) and brand integrity and loyalty (50%), emphasising the importance of strong cybersecurity controls to gain market share.

By setting high standards, regulations push organisations to adopt advanced security solutions and stay ahead of emerging threats. Irish organisations see the true benefits of stringent cybersecurity regulations, with 28% of respondents stating that new regulations challenge their organisation to strengthen current cyber risk management programmes, processes and governance. Another 22% of respondents indicated that cybersecurity regulations have helped establish guidelines and standards for technology innovation and transformation. Continuous improvement is essential for maintaining a strong security posture in a rapidly evolving digital world.

Cyber resilience is key to maintaining operations

Robust cybersecurity resilience is vital for organisations, as reflected by the rise of cloud computing concepts like high-availability, fault-tolerance and self-healing. Cybersecurity resilience refers to an organisation’s ability to prepare for, respond to and recover from cyber incidents, ensuring minimal disruption to operations. Enhanced resilience is driven by cybersecurity regulations such as DORA and NIS2, which ensure that organisations have in-depth resilience capabilities across people, processes and technologies. Despite concerns over cyber risks and enhanced regulations, many businesses struggle to fully implement cyber resilience. A review of 12 resilience actions, including identifying critical business processes, cyber recovery technologies, reporting capabilities and developing playbooks, indicates that 42% or fewer executives believe their organisations have fully implemented any one of these actions. Alarmingly, only 2% say all 12 resilience actions have been implemented across their organisation, highlighting the urgent need for enhanced IT and cyber resilience capabilities.

Given the increasing frequency and sophistication of cyberattacks, organisations must be prepared to handle breaches effectively and have the right resources across functions such as business continuity, cybersecurity, crisis management and risk management. Surprisingly, only 20% of respondents have an established resilience team across their organisation, showcasing the need to prioritise mobilising skilled teams for high-pressure situations. Additionally, only 34% of respondents have cyber recovery playbooks in place.

Tabletop exercises are essential for enhancing cyber resilience. These exercises simulate realistic cyberattack scenarios, allowing teams to practise their response strategies in a controlled environment. This helps identify gaps in incident response plans, improve coordination among team members and enhance decision-making under pressure. By regularly conducting these exercises, organisations can build a proactive security culture, ensuring all stakeholders are prepared to handle real cyber incidents effectively. Only 32% of Irish respondents stated that tabletop exercises and simulations are conducted across their organisation, with 18% planning to complete them within the next two years or not planning to do so at all.

In summary, our insights show that organisations need to focus on resilience activities to defend against cyber attacks. Cybersecurity resilience is a crucial part of the overall strategy for protecting data, maintaining business continuity, reducing financial risks and fostering a proactive security culture. By prioritising resilience, organisations can better navigate the complexities of the digital world and safeguard their future.

Implementation of cyber resilience actions across the organisation 

Only 2% have implemented across the organisation in all areas


GenAI and emerging technologies are increasing the cyber threat landscape

Generative AI (GenAI) and other emerging technologies are advancing continuously, allowing organisations to reap their benefits through efficiencies and integration into business processes. GenAI is increasingly used for cybersecurity defence, particularly in threat detection and response, threat intelligence and malware detection. However, while these technologies drive efficiencies and enhance defence mechanisms, they also present significant cybersecurity risks and integration challenges if not used responsibly.

PwC’s Digital Trust Insights Survey 2025 highlights the main obstacles organisations face when incorporating GenAI into their cyber defence strategies. Notably, 39% of respondents globally cited a lack of trust in GenAI by internal stakeholders and difficulties in integrating GenAI with existing systems and processes. Additionally, 38% indicated inadequate internal controls and risk management, while 37% pointed to a lack of standardised internal policies governing the use of GenAI as prominent challenges.

Implementing correct security controls and policies for using GenAI is crucial to promote responsible use within the business and protect data. The importance of these controls is underscored by the introduction of the EU AI Act, which regulates AI to ensure safety, transparency and accountability in its use within organisations.

However, despite these opportunities, organisations face several obstacles when incorporating GenAI into their cyber defence strategies.

39%: Difficulty incorporating with existing systems/processes

39%: Lack of trust in GenAI by internal stakeholders

38%: Inadequate internal controls and risk management

37%: Lack of standardised internal policies governing its use

Key actions businesses can take today

1. Assess current cybersecurity capabilities

Irish organisations should assess their cybersecurity controls annually against industry standards (e.g. NIST 2.0) to ensure they remain effective against evolving threats. Regular assessments help organisations identify control gaps and vulnerabilities, mitigate risks and comply with regulatory requirements. Understanding current cybersecurity controls allows organisations to strategically plan and implement security projects to mitigate identified risks.

2. Be prepared for regulatory change

With the ever-changing regulatory landscape, particularly within the EU, businesses must assess current compliance to avoid legal and financial penalties and protect sensitive data. Regular evaluations against regulations help identify and fix gaps, ensuring robust defences against cyber threats and regulatory compliance. According to PwC’s Digital Trust Insights Survey 2025, organisations now understand that compliance fosters trust with customers and partners, demonstrating a commitment to security. Promptly addressing regulatory compliance safeguards an organisation’s reputation, maintains operational integrity, and keeps them ahead of evolving requirements.

3. Understand your risk landscape

Businesses should quantify their cyber risk exposure, understand the various threats specific to their organisation or sector, and monitor their exposure continuously. Developing a comprehensive threat profile and risk assessment programme for both cybersecurity and IT, tailored to the organisation, is crucial. Monitoring these risks and understanding how cybersecurity projects lower business risk is vital for senior executives to make informed tactical and strategic decisions.

4. Understand your supply chain risk posture

Organisations can no longer ignore the risks associated with third-party dependencies and outsourcing. They should assess their current third-party risk management programme to ensure alignment with regulatory requirements and take steps to assure stakeholders that third-party risks are being addressed. Additionally, organisations must establish a formalised TPRM function, whether in-house or outsourced to a managed service provider, to mitigate third-party risks.

5. Strengthen your resilience capabilities

Organisations should enhance cyber resilience to strengthen defences and prepare effectively for cyber incidents. Implementing and formalising recovery playbooks and incident response plans is essential for quick threat detection and mitigation. Regular testing ensures that all key stakeholders are aware of their roles and responsibilities during an incident. Adopting advanced cybersecurity technologies and maintaining up-to-date systems will enhance overall resilience.

Cloud computing offers capabilities like multi-availability zone provisioning, autoscaling, automatic backups and automatic failover, leading to high availability and fault tolerance. However, without proper governance and technical guardrails, organisations risk unauthorised access and wasted capacity or increased costs. Therefore, organisations should review their cloud environment’s security against a recognised framework, identify and prioritise gaps, and address control gaps before they are exploited.

We are here to help you

PwC Ireland is a leader in cybersecurity services, dedicated to supporting your organisation’s digital transformation. Our experts are ready to help you plan strategic investments in cybersecurity and protect your organisation from cybercrime. If you have any questions about the security of your business, contact us today to explore how we can help you.


Contact us

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Moira Cronin

Partner, PwC Ireland (Republic of)

Tel: +353 86 377 1587

Pat Moran

Partner, PwC Ireland (Republic of)

John Fitzgerald

Senior Manager, PwC Ireland (Republic of)
