Business and technology leaders are unprepared for emerging tech, like Generative AI: PwC 2024 Global Digital Trust Insights

  • Business and tech leaders ranked digital and tech at the top for risks they are prioritising for mitigation – nearly twice as high as natural disasters, pandemic, and inequality
  • Cyber budgets in 2024 are increasing, and at a higher rate compared to last year
  • PwC cybersecurity specialists do not expect GenAI to lead to a surge in ‘catastrophic’ cyber attacks — contrary to the majority of respondents (52%) who said that such attacks could happen within the next year
  • Seven in 10 (69%) say their organisation will use GenAI for cyber defence in the next 12 months. Platforms are licensing their large language models in tandem with their cyber tech solutions
  • Cyber attacks on healthcare 20% more costly than other industries — USD5.3mn (THB190mn)[1] avg

BANGKOK, 8 November 2023 – PwC’s 2024 Global Digital Trust Insights survey found that the proportion of businesses that have experienced a data breach of more than USD1mn (THB36mn) has increased significantly from year over year by a third – from 27% to 36%.

The survey of 3,800 business and tech leaders across 71 countries, also finds that companies are viewing the rise of Generative AI with a mixture of scepticism and excitement, and many are bulking up investments in cybersecurity to protect against cyberattacks.

Nearly two-thirds (64%) of respondents said they have increased their sales revenue in the past year, while eight in 10 (82%) expect to increase revenue over the next year. Eight in 10 (79%) expect cyber budgets to increase – up from 65% in 2023. Organisations who show greater maturity in their cybersecurity initiatives, report a greater number of benefits and a lower incidence of costly cyber breach of USD1mn (THB36mn), or a breach at all.

Healthcare industry faces greatest threat from cyber risks

While businesses that have experienced a data breach have increased since PwC’s 2023 survey, the healthcare industry has been the most impacted. The global average cost of a damaging cyber-attack was reported to be USD4.4mn (THB158mn), while in the healthcare sector that cost was 20% higher – USD5.3mn (THB190mn). Nearly half (47%) of all healthcare organisation’s respondents reported a data breach of USD1mn (THB36mn) or greater.

As company size increases, so does the average cost of their most damaging breach. Companies with more than USD10bn (THB360bn) report breaches of USD7.2mn (THB259mn) while those companies with less than USD1bn (THB36bn) report USD1.9mn (THB68mn) in damages.The rise of ‘DefenseGPT’

Among business and tech leaders, there is increasing concern over the rise of Generative AI as it relates to cybersecurity. Another surge in cyber threats may be coming because GenAI can help create advanced business email compromise at scale. CISOs and CIOs should pay attention to a prevailing sentiment: 52% expect GenAI to lead to catastrophic cyber attacks in the next 12 months. Nearly eight in 10 (77%) agreed they intend to use GenAI in an ethical and responsible manner.

Three quarters of business and tech leaders expressed excitement about the potential of Generative AI:

  • 77% agreed that “Generative AI will help our organisation develop new lines of business within the next three years”;
  • 74% agreed “Employees’ personal use of Generative AI will lead to tangible increases in their productivity within the next 12 months”;
  • 75% agreed “Generative AI-driven processes within an organisation will increase employee’s productivity within the next 12 months”.

GenAI is strong at synthesising voluminous data on a cyber incident from multiple systems and sources to help leaders understand what has happened. GenAI can present complex threats in easy-to-understand language, advise on mitigation strategies, and help with searches and investigations.

“Our global survey shows that cybersecurity continues to be top of mind for business leaders, and now more than ever. C-Suites need to be agile and adapt to the changing market — with emerging tech developments hitting the market in transformative ways, executives must challenge the status quo by building security into the fabric of the organisation instead of reacting once there is a crisis,” Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said.

The ‘Stewards of Digital Trust’

Cybersecurity improvements and consistency are required, with less than one-third of organisations reporting they are performing key leading cyber-related practices on a consistent ‘usual’ basis. To explore this further, PwC developed an index to identify which organisations have cybersecurity teams that are demonstrating leading cyber practices on a consistent basis. But out of all the respondents, we found five percent of organisations that report consistent implementation of 10 defensive and growth-minded cyber practices; we call them the ‘Stewards of Digital Trust’.

More than half (53%) have revenues of USD5bn (THB180bn) or greater and are more likely to be ‘high growth’ organisations having experienced and expect revenue growth of +10% in the past and upcoming 12 months (17% vs 9% overall).

These organisations are also more likely to say that the most damaging cyber breach in the last three years cost them less than USD100k (THB3.6mn) (28% vs 19% overall). While 36% of organisations overall experienced a USD1mn+ (THB36mn+) cyber breach, this reduces to 29% of Stewards of Digital Trust who cited experiencing a breach of this magnitude. They are also more positive about the potential impact of Generative AI – many strongly agree it will develop new lines of business (49% vs 33% overall) and they will use Generative AI tools for cyber defence (44% vs 27%). They are also more likely to disagree that ‘Gen AI will lead to a catastrophic cyberattack’ (33% vs 22% overall). They’re less likely to allow deployment of GenAI tools before having internal policies in place (31% disagree vs 19% overall and 53% agree vs 63% overall).Business leaders are doubling down on cybersecurity investment

Despite the continued increase in climate change-related natural disasters, ongoing impacts of the Covid-19 pandemic, and rising inequality, business and tech leaders ranked digital and tech as the top risks they are prioritising for mitigation over the next 12 months.

The top three cyber-related threats reported are: cloud-related threats, attacks on connected devices, and hack-and-leak operations. Despite this, more than one-third of companies haven’t instituted risk management efforts, and only one-in-four have made cyber-resilience improvements.

Only two percent of organisations are optimising and continuously improving across all areas of cyber resilience. Equally important, more than 40% of leaders said they do not understand the cyber risks posed by emerging technologies, like virtual environment tools, Generative AI, Enterprise Blockchain, Quantum Computing and Virtual Reality / Augmented Reality.

“Organisations should adopt a Responsible AI toolkit to guide the trusted and ethical use of AI. Although it’s often considered a function of technology, human supervision and intervention are essential to AI. And along with security and privacy risks, they must now account for additional areas involving data risks, model and bias risks, prompt or input risks and user risks when they begin working with GenAI,” Sean Joyce, Global Cybersecurity and Privacy Leader, PwC US, said.

Upskilling and reskilling

Organisations will need to think about their talent acquisition and retention strategies when it comes to keeping the workforce engaged and informed. Leaders cited “upskilling our current workforce fast enough to keep up with the demands of our organisation”; “rebalancing between in-house and outsourced or managed services”; and “identifying the right candidates for openings” as the three biggest priorities as it relates to cyber talent strategy. Organisations who have experienced a cyber breach of USD1mn (THB36mn) are more likely to rank competing for talent in the market (52%) in their top three priorities.Thailand not ready for cyber-resilience

Rishi Anand, Risk Consulting Partner at PwC Thailand, added the increasing digitalisation of operations by Thailand’s businesses makes them more vulnerable to cyber threats.

[2]Thailand has experienced a significant surge in web-based attacks. According to the National Cyber Security Agency (NCSA Thailand), the total web-based attacks recorded as of August 2023 is 973, compared to 651 in 2022, covering 40-60% of total incidents. The financial services sector remains the primary target for bad actors.

“Businesses are at risk from numerous types of cyberattack tactics, including phishing, malware, ransomware and data theft, which involves financial and other personal information. Besides the major banks, most Thai companies have implemented minimal security measures.

“Despite a general awareness of cyber threats, many still assume their organisation won’t fall victim to cyberattacks. They are ill-equipped across several areas of cybersecurity be it identification, detection, protection, response and recovery.” Rishi said.

While we’ve seen an equal measure of excitement and fear about the unknown possibilities of AI, they’ll also play an important role in enhancing cybersecurity controls, Rishi said.

“GenAI presents significant risks to security, privacy and biases. But it can also be used to improve cybersecurity through automated processes like [3]patch management, vulnerability management and penetration testing, as well as detecting threats in real time. These powerful new technologies will speed up investigations, automate responses and coordinate actions during security incidents,” Rishi said.

[1] USD1 = THB36.02 (as of 2 November 2023)

[2] National Cyber Security Agency (NCSA Thailand)

[3] The process of identifying vulnerabilities to help improve software security and performance