Why cyber resilience is key to accelerating and safeguarding critical change

Young woman in front of lights using tablet

An outlook of persistent disruption, economic turmoil and growth challenges is putting a heightened focus on the need for organisations to accelerate critical change and transformation. Inaction is not an option when one in five CEOs in our 27th UK CEO Survey say their organisation will not be economically viable within a decade on its current path and fewer than half (42%) have strong confidence in their growth prospects this year.

Unlocking growth amid disruption

Cyber resilience needs to sit at the heart of this reinvention. Organisations must stay ahead of - not just respond to - increasingly complex and high impact cyber risk if they are to securely and safely unlock greater value from their data, using technologies such as cloud and generative AI (GenAI).

The positive news is that more than half of UK CEOs (53%) are stepping in and taking personal responsibility for driving change across the organisation - from appointing dedicated transformation leaders and teams to reallocating capital to transformation projects and raising additional funding for them. But cyber security must also be driven from the top, across the entire organisation.

“Cyber security and transformation are inextricably linked. Putting cyber security at the centre of the need for business model reinvention is critical to gain trust, safeguard reputation and build resilience to protect value - but crucially also to take risk more intelligently and create new sources of value.”

Alex Petsopoulos
Partner, Cyber Security, PwC UK

The technology transformation opportunity - and risk

Much of the essential change that organisations are pursuing can only be achieved by more effective use of technology. Some 87% of UK CEOs say they have recently completed or are currently running, or planning, at least one transformative IT project, and more than three-quarters (76%) say they will invest in cloud infrastructure and data and AI this year.

But this growing reliance on technology increases the potential and severity of technology-related risks such as data loss, regulatory compliance failures and catastrophic cyber attacks.

Cyber risk ranked second behind only inflation when respondents to our Global Risk Survey (GRS) 2023 were asked which risks they feel highly or extremely exposed to in the next 12 months. And the evolving and wide-ranging nature of cyber threats is evident from our 2024 Digital Trust Insights (DTI) survey.

The scale and cost of cyber attacks is also increasing, with more than a quarter (28%) of UK DTI respondents saying their most damaging breach in the last three years cost between $1m and $9m, and 17% putting that figure at between $10m and $19m.

“While many organisations have invested in preventing cyber incidents, the majority have not considered how they will recover from them. In the event of a high-impact incident, those who are not adequately prepared can expect a long road back to normal operations, significant financial costs and possible reputation damage.”

Alex Petsopoulos
Partner, Cyber Security, PwC UK

The fine balance between technology opportunity and risk can perhaps be seen most starkly with the rapid rise of GenAI, underscoring the critical importance of cyber security to the safe adoption of emerging technology.

The GenAI opportunity and risks


say GenAI-driven processes within their organisation will increase employee productivity in the next 12 months

Source: 2024 Digital Trust Insights survey UK respondents, PwC

plan to deploy GenAI tools for cyber defence in the next 12 months

Source: 2024 Digital Trust Insights survey UK respondents, PwC

say their organisation understands the cyber risks related to GenAI

Source: 2024 Digital Trust Insights survey UK respondents, PwC

of UK CEOs believe GenAI will increase the spread of misinformation in their business

Source: 27th UK CEO Survey, PwC

Closing the cyber resilience gap

Yet despite the criticality of greater cyber resilience to successful transformation, many organisations still have significant gaps between their ambitions and action. Take cloud, where only a quarter (24%) of UK respondents to the DTI survey say they are prioritising cloud security when allocating their cyber security budget in 2024 despite cloud being ranked the top cyber threat.

“Organisations must consciously consider resilience at every stage of their cloud journey – from ensuring a ‘resilient by design’ mindset in the design and secure deployment of new Cloud solutions, to understanding how new technologies co-exist with existing investments. This is especially important for those seeking to leverage cloud technologies for continuous transformation or business model reinvention. Resilience is about maintaining confidence in ability to recover from major incidents, in a more complex and dynamic environment than ever before - this requires a deep understanding of how inherent cloud capabilities can support you in achieving your resilience goals.”

Karen Penman
Cloud Resilience Lead, PwC UK

Cloud security risks


have yet to address the risks posed by fragmented regulations


have no plan for dealing with concentration risk


have no plan for lack of in-house talent in cloud disciplines


haven’t yet addressed third-party cloud risk

Q: To what extent has your organisation addressed the following challenges with your cloud service provider(s)? (Source: 2024 Digital Trust Insights survey UK respondents, PwC)

Technology complexity is also a challenge. Just under half (45%) of UK respondents to the DTI survey say they use cyber security technology from multiple providers, with plans to integrate it in the next two years. And only half are ‘very satisfied’ with their technology capabilities in key cyber security areas. As a result, only around a quarter of UK organisations say they are consistently achieving (between 81%-100% of the time) key cyber security activities.

The cyber talent challenge and the growing role of managed services

Attracting, retaining and upskilling the cyber talent needed to securely deliver this transformation is a major challenge for many organisations. The majority of UK CEOs (78%) in our UK CEO Survey report some extent of skills shortage within their organisation, and 68% specify a lack of tech capabilities in inhibiting their ability to transform.

Most organisations will not be able to build the cyber skills and tech capabilities needed internally and more than half (57%) of UK respondents to our DTI Survey say that rebalancing between in-house and outsourced or managed services is a top priority over the next 12 months. Just over a quarter (27%) of UK DTI Survey respondents also say managed security services is a priority investment when allocating their organisation’s cyber budget in the next year, while 30% say they are implementing or planning to implement cyber managed services in new areas such as security operations.

From threat to opportunity - changing the way we see cyber risk

By building greater cyber resilience, organisations can take a more informed and confident approach to digital transformation and be alive to the cyber risks, so they can better understand, manage and mitigate them.

This can be seen with the top performing 5% of organisations revealed as ‘stewards of digital trust’ in our DTI survey. These organisations are experiencing fewer breaches, and the attacks that do hit them aren’t as costly. Navigating risk is easier because they’ve streamlined their cyber security solutions. And they’ve positioned themselves for greater productivity and faster growth, outpacing the competition as they plunge into new technologies with confidence that they are well protected.

“The need for resilience and security is a key driver for clients with a reinvention imperative and also a key consideration as they forge their approach to transformation. Just as CEOs are personally taking the lead for change, they must also embrace cyber security as a whole-of-business endeavour.”

Alex Petsopoulos
Partner, Cyber Security, PwC UK

Contact us

Alex Petsopoulos

Alex Petsopoulos

Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7941 454210

Karen Penman

Karen Penman

Partner, PwC United Kingdom

Tel: +44 (0)7899 797331

Follow us