No Match Found
of Swiss executives are most concerned about cloud-related attacks.
of Swiss executives rank mitigating cyber risks as a top priority over the next 12 months.
of Swiss executives intend to increase their cybersecurity budget in 2024.
In recent years, leaders have had to adapt to new working environments, migrate to cloud platforms, and rely heavily on the digital management of supply chains. With each new venture, additional cyber risks have emerged, and the astonishing rise of generative AI is creating further opportunities and challenges in cybersecurity.
Our findings from the 2024 Global Digital Trust Insights survey show considerable room for improvement in cybersecurity: While excitement and budgets are rising for cutting-edge security programmes, progress on actually improving security is sluggish, if not stagnant. The study reflects the views of 3,800 business, security, and IT leaders from more than 70 countries. Of these respondents, 30% have revenues of $10 billion or more.
Consider these findings: Total breach costs and the number of high-dollar breaches are on the rise. Cloud attacks are the top cyber concern, yet about one-third of organisations lack a risk management plan to address challenges with cloud service providers. Only half are satisfied with their technology capabilities in key cybersecurity areas. Over 30% of companies do not consistently implement standard cyber defence practices.
Imagine a world with security at the epicenter of innovation — the field where bright ideas and bold ambitions flourish. Imagine the CISO right there, working to secure the organisation’s lofty ambitions and prized assets.
In an era where technology is central to business operations, its protection has become synonymous with safeguarding the enterprise itself. What’s more, 2024 is set to be a watershed year, as cybersecurity faces four major shifts, each of which could be disruptive on its own: a C-suite-driven push to modernise technology infrastructure amid economic challenges; the emergence of hybrid cyber threats blending espionage and cybercrime, thrusting cyber defence into the national security spotlight; the introduction of generative AI with its unique set of threats and defence potentials; and new regulations demanding transparency in cyber incident reporting and risk management.
The pressing question remains: How proactive and transformative can leaders be in this evolving landscape, where cyber risk management is in need of reinvention?
Swiss executives have distinctly marked cyber risks as their top mitigation priority, with 65% of them prioritising it compared to 43% globally. On the other hand, they show less inclination towards mitigating digital and tech risk (32% vs. 51% globally) and macroeconomic volatility (39% vs. 41% globally). Instead, they seem to lean more towards addressing geopolitical risks, with 49% doing so, as opposed to the 31% global figure. This heightened attention towards geopolitical risks can be attributed to factors like the companies' exposure to China and repercussions from the war in Ukraine, particularly in terms of energy prices. Such an environment prompts Swiss companies to be more keen on mitigating geopolitical, environmental, and social risks compared to their global counterparts.
The C-suite challenge is this: is your organisation’s cyber risk management keeping up with the changes?
Question: How is your organisation’s cyber budget changing in 2024?
Base: 72 Swiss respondents in PwC’s 2024 Global Digital Trust Insights | 70 Swiss respondents in PwC’s 2023 Global Digital Trust Insights
When it comes to cyber budgets, 2024 will see increased allocations. Globally, there's a 79% total increase in these budgets, while only 5% experience a decrease. Switzerland, in particular, showcases a remarkable shift. The decrease in cyber budgets has shrunk to a mere 1% in 2024 from 14% in 2023. Additionally, a significant net increase is evident with 70% of Swiss companies increasing their cyber budgets in 2024, compared to 54% in 2023. This trend can be attributed not only to geopolitical shifts and accelerated digitalisation but also to the tightening regulatory landscape. New EU regulations, like NIS2, DORA, and the Cyber Resilience Act, have introduced a fresh set of responsibilities for managers, influencing their decision-making in budget allocations.
“Many Swiss companies and government institutions have been hit by numerous severe attacks in the last twelve months, which is of great significance from a national perspective and underscores the necessary prioritisation in risk mitigation measures within Swiss and international companies. At the same time, many organisations in Switzerland face dependencies on global supply chains. Detection and mitigation of cyber risks contribute to a more stable value chain.”Urs Küderli,Partner, Leader Cybersecurity and Privacy, PwC Switzerland
Using the cloud has always been about business innovation - enabling developers to collaborate from anywhere in the world; adopting new, more flexible ways of working; inventing new business models; connecting technologies to help run the business better; providing better service to customers and clients; and so on. But the cloud also poses the greatest cyber risk to businesses.
In the coming 12 months, cloud-related attacks are the top concern for 49% of Swiss executives, a figure that is closely mirrored globally at 47%, making it the top-ranked cyber threat in 2024. This worry increases slightly when looking at users of hybrid cloud providers, with 54% expressing concern. After cloud-related attacks, hack-and-leak operations are the second most prominent threat, with 43% of respondents in Switzerland and 37% globally showing apprehension. Ransomware also features prominently in these concerns, with 39% of Swiss respondents ranking it among their top three threats, compared to 29% globally.
Question: Over the next 12 months, which of the following cyber threats is your organisation most concerned about?
Base: 3,876 survey respondents | 72 Swiss respondents
The C-suite challenge is this: How do you work together and with your cloud security providers to make headway in defending the most important entry points to your systems and assets via the cloud?
Although cloud attacks are the top cyber concern, almost all organisations, a staggering 97%, have some shortcomings in their cloud risk management plans. In fact, a mere 3% of organisations have comprehensive plans that cover all nine cloud security areas. For instance, 57% (compared to 42% globally) have not dealt with the challenges presented by fragmented regulations. Similarly, 56% (41% globally) lack a strategy for managing concentration risk. Additionally, 38% (compared to 36% globally) have yet to formulate a plan for third-party cloud risks.
A notable challenge highlighted by the survey is the perceived skills gap in cloud disciplines. Nearly 60% of Swiss organisations surveyed and 43% globally feel they lack the ability to develop internal talent, particularly in areas such as cloud engineering, and are actively seeking solutions for this predicament.
Question: To what extent has your organisation addressed the following challenges with your cloud service provider(s)?
Base: 68 Swiss respondents
“Our global survey shows that cybersecurity remains at the top of the agenda for business leaders, now more than ever. C-Suites need to be agile and adapt to the changing threat landscape – with new technological developments and changing business requirements hitting the market in a transformative way, leaders need to challenge the status quo by building security into the strategy and fabric of the organisation. A proactive and integrative approach to security is always better than being reactive after a crisis.”Johannes Dohren,Partner, Head of Cyber Resilience and Defense, PwC Switzerland
For 2024, modernisation and optimisation emerge as the leading cyber-investment priorities. A significant 55% of Swiss business leaders, compared to 49% globally, are emphasising technology modernisation, which encompasses the enhancement of cyber infrastructure. On the other hand, 45% of leaders globally, with a slightly lesser 41% in Switzerland, are opting for the optimisation of their current technologies and investments.
The C-suite challenge isn’t a lack of tools or a lack of investment. Instead, it’s figuring out how your organisation can reap the benefits of your investments. Is your IT architecture too complex to adequately protect? Are you making it easy for threat actors to find gaps in your defence?
In Switzerland, there's a noticeable push towards integrated platforms when considering cybersecurity technology. This trend isn't unique to Switzerland, as it's gaining traction globally as well. Currently, 43% of Swiss companies are using technology solutions from various providers, but they intend to transition to an integrated suite within the next two years. This is slightly more than the global percentage, which stands at 39%.
Meanwhile, 25% of Swiss firms are already using an integrated cybersecurity technology suite, although this is significantly lower than the global average of 44%. On the other hand, 28% of Swiss companies, which is almost double the global figure of 15%, continue to use solutions from multiple providers with no plans to change. Looking ahead, it's expected that around 70% of Swiss companies will be using integrated platforms, with only a minority still using multiple technology providers simultaneously.
“A good overview, transparency, and insight into the entire IT and OT landscape are crucial in detecting and defending against cyber-attacks. Too many individual solutions create dissatisfaction among IT professionals regarding the efficiency of their cybersecurity solutions. Disconnected approaches not only reduce efficiency but are also more complex, require greater administrative overhead, and are more expensive.”Fabian Faistauer,Director, Head Cybersecurity Technology & Transformation, PwC Switzerland
There’s great enthusiasm and excitement around generative AI (GenAI) on a global level – and nearly seven in 10 surveyed companies say their organisation will use GenAI for cyber defence. GenAI tools can help reduce a disadvantage for cyber teams overwhelmed by the sheer number and complexity of human-led cyberattacks, both of which continually increase. The three most promising areas for using GenAI in cyber defence are threat detection and analysis, cyber risk and incident reporting, and adaptive controls. But responsible AI needs to catch up.
Question: To what extent do you agree or disagree with the following statements about Generative AI?
Base: All respondents= 3876
In Switzerland, just over half of the companies (51%) have expressed intentions to use Generative AI (GenAI) for cyber defence within the upcoming year. This is somewhat lower than the global figure, where an impressive 69% of companies are gearing up to integrate GenAI into their cyber strategy.
When it comes to the current application of GenAI for detecting and mitigating cyber risks, a quarter of Swiss businesses are on board. This is in contrast to a global rate of 47%. Notably, one out of every ten Swiss companies has already reported benefits from GenAI in their cyber programmes, a significant achievement given the technology's recent introduction. Globally, the impact appears even more profound with 21% of companies acknowledging such benefits.
The C-suite challenge is this: How do you wield the new tools without inviting new risks to flare up in the organisation and in society? What should you do to use GenAI ethically and responsibly?
The enthusiasm for GenAI is not unconditional. There's a growing unease among business and technology leaders about the potential cybersecurity threats posed by GenAI. There's a palpable fear that this technology could amplify cyber threats, particularly by generating sophisticated business email compromises on a large scale. This concern is echoed by 46% of Swiss organisations surveyed, who believe that GenAI could lead to serious cyber-attacks within a year. What's more, while 61% of these companies are committed to using GenAI ethically and responsibly, it's clear that they view its rise with both anticipation and scepticism.
This mixed sentiment also extends to potential business applications. Just over half (53%) of Swiss companies believe that GenAI will help create new business lines within the next three years. However, this optimism is more pronounced globally, with 77% of companies sharing this view. On the other hand, more than 50% of Swiss companies are concerned that they do not have a comprehensive understanding of the cyber risks associated with emerging technologies, which hinders their integration into risk management plans.
Question: To what extent does your organisation understand the cyber risks related to the following technologies?
Base: 72 Swiss respondents
“Executives in Switzerland overall view the rise of Generative AI with a mixture of scepticism and excitement. Companies need to establish sound AI governance and get ahead of risks that could come from exploration with GenAI.”Yan Borboën,Partner, Digital Assurance & Cybersecurity and Privacy, PwC Switzerland
The mainstream view is that new rules and regulations hinder revenues, but here’s the take of at least one-third of respondents: The guardrails regulators put up can give companies added confidence to explore, experiment, invent and compete. Navigating regulatory requirements can become a competitive advantage for leading companies.
This year, Swiss respondents highlighted four key regulations they believe will be crucial for their organisation's future growth. These are harmonised privacy rights and protection (44% compared to 32% globally), the unification of cyber and data protection laws across various regions (38% in Switzerland vs. 36% globally), operational resilience requirements (with 32% mirroring the global percentage), and the regulation of AI (29%). On a global level, regulation related to AI stands out as the most impactful, with 37% of respondents emphasising its significance.
The C-suite challenge is this: Amid regulatory uncertainty, can you give your organisation the room to innovate while keeping security and privacy by design? How do you turn this new regulatory environment as a source of competitive advantage?
“Regulation, when navigated effectively, can become a strategic advantage in a competitive landscape.”Vincent Colonna,Director, Cybersecurity and Privacy, PwC Switzerland
The 2024 Global Digital Trust Insights is a survey of 3,876 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers) conducted in the May through July 2023 period.
Four out of 10 executives are in large companies with $5 billion or more in revenues. Importantly, 30% are in companies with $10 billion or more in revenues.
Respondents operate in a range of industries, including industrial manufacturing (20%), financial services (20%), tech, media, telecom (19%), retail and consumer markets (17%), energy, utilities, and resources (11%), health (9%) and government and public services (3%).
Respondents are based in 71 countries. The regional breakdown is Western Europe (32%), North America (28%), Asia Pacific (18%), Latin America (10%), Eastern Europe (5%), Africa (4%) and Middle East (3%). 72 respondents are based in Switzerland.
The Global Digital Trust Insights Survey had been known as the Global State of Information Security Survey (GSISS). In its 26th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.
PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.