Although cybersecurity has been present in business strategies for years, the challenges to be overcome are still numerous. According to the report Global Digital Trust Insights 2025 prepared by PwC77% of companies (both globally and in Spain) expect their cybersecurity budget to increase over the next year. However, the survey, which polled 4,042 business and technology executives from 77 countries (including 146 in Spain), shows that so far only 2% of companies surveyed have implemented a global “cyber-resilience” strategyit is what allows an organization to prevent, resist, and recover from cybersecurity incidents.
Aware of the need to strengthen the cybersecurity strategy In companies, in the short term, managers have decided to continue to significantly increase investments in the 2025 budget. Concretely, 30% of organizations anticipate that their cybersecurity budget will increase. between 6% and 10% next year. In fact, one in five people (20%) have plans to increase its cybersecurity budget by 11% or more in the next fiscal year.
Among the strategic priorities that leaders have set for the next 12 months, 36% of leaders emphasize that they intend to work on reducing deadlines. response to cyber incidentsas well as growing confidence in the ability to manage threats (mentioned 31% of those surveyed) and improving the customer and employee experience (30%).
The managers interviewed also believe that measuring Cyber risk will be crucial for prioritizing cybersecurity investments: This is what 88% of managers around the world and 93% in Spain say. For 87% of executives (81% in Spain), it will also be essential to allocate resources to the areas of greatest risk. However, only 15% of organizations (13% in Spain) recognizes that it does so effectively. Scope uncertainty, as well as problems related to data and information processing, top the list of obstacles to the implementation of cyber risk quantification, as does lack of confidence in the reliability of quantification results.
How much does a cybersecurity incident cost?
The cost of a cybersecurity incident is very high: 25% of executives surveyed admit to having experienced a problem of this type in the last three years that cost their organization at least a million dollars. (920,000 euros). On average, A cybersecurity incident costs businesses $3.32 million (€3.06 million).
Cybersecurity, among the three biggest concerns of managers. The PwC survey also reveals that 66% of technology leaders and 48% of business executives rank cybersecurity among their top three concerns over the years. the next 12 monthswhich underlines the critical importance of its management, for which the role of the CISO and the security function is key.
According to this year’s survey, Top 4 Cybersecurity Threats Executives Fear Most — those related to the cloud (42%), hacking and breach operations (38%), third-party security breaches (35%) and attacks on connected products (33%) — are the same as those to which security leaders feel less prepared. advice.
Generative AI: transforming risk into opportunity
Rapid advances in generative artificial intelligence (GenAI) are creating new opportunities for businesses, but they are also opening new gaps in cybersecurity. Seven in ten executives (67% globally and 69% in Spain) highlight that AI has significantly expanded the attack surface over the past year, increasing the vulnerable perimeter of their business. Something similar happens with cloud technology or cloud platforms, which are mentioned by 66% of executives worldwide and 72% in Spain. In the same vein, according to the latest Global CEO Survey carried out by PwC, it was highlighted that 64% of managers worldwide agree that generative AI will increase the cybersecurity risk in the organization.
One of the main concerns businesses have regarding the use of AI is that this technology can enable less sophisticated cyber threatsthrough effective phishing attacks and large-scale deepfakes. Additionally, businesses fear that through AI, cybercriminals can compromise their data integrity and privacy. They also fear having to deal with more regulatory compliance, as regulatory obligations on AI multiply. Recognizing the strategic importance of this new technology, 78% of business leaders have increased their investments in generative AI over the past 12 months. Along the same lines, 72% have increased their investments in managing government risks related to artificial intelligence.
For Jesús Romero, partner responsible for enterprise security solutions at PwC“The survey reveals that while cybersecurity maturity continues to evolve in large organizations, significant challenges remain and must still be addressed to ensure cyber resilience, due to an ever-expanding exposure footprint, driven by increasing reliance on the cloud, advances in AI, interconnected devices and the complexity of supply chains. Our report includes, among other interesting aspects, what these challenges are for the main Spanish and global organizations, and how they hope to face them over the next year.
