How to bridge the cyber resilience gap

Jan. 28, 2025
A unified call for action between technology executives and the C-suite will enable companies to thrive in an increasingly interconnected world.

Digital transformation is no longer a choice but a necessity, especially for companies looking to remain relevant and prosperous in an increasingly digital world. With any transformation, there are risks. Digital transformations, such as cloud migrations and artificial intelligence (AI) implementations, are expanding companies’ attack surfaces and creating more opportunities for cybercriminals to exploit them.

For many companies, an expanded attack surface may be a cause for concern—particularly if cyber resilience efforts have not appropriately treated the increased risk. As more and more companies wrap their arms around emerging technology, executives and the broader C-suite will need to work together to safeguard their organizations against escalating cyber threats.

PwC's recent 2025 Global Digital Trust Insights survey reveals critical gaps in cyber resilience. It highlights key resilience actions, such as establishing a resilience team with members from functions like business continuity, cyber and crisis management; developing a cyber recovery playbook for IT-loss scenarios; and mapping technology dependencies. These actions are fully implemented across the entire enterprise by only 2% of companies. Other critical actions include establishing protocols with major technology providers, running tabletop exercises, sharing information with industry peers, implementing cyber recovery technology solutions, reporting to external stakeholders, establishing relationships with local law enforcement and identifying critical business processes. Comprehensive implementation of these actions is essential for achieving enterprise-wide cyber resilience.

The report also found that while companies have cybersecurity top-of-mind, the top four threats that companies said were most concerning—cloud-related threats (42%), hack-and-leak operations (38%), third-party breaches (35%) and attacks on connected products (33%)—are the same threats that security executives feel least prepared to address. 

Additionally, only 35% of organizations reported strong alignment between their cybersecurity strategies and overall business objectives. For the remaining 65% of organizations, this lack of alignment can lead to inefficiencies and vulnerabilities. What’s more—48% of companies are still operating in a reactive mode, addressing cybersecurity threats as they arise instead of proactively managing risks. This approach can create costly inefficiencies as organizations try to catch up to previously materialized risks.

Emerging Threats Change the Game

The growth and proliferation of technology are further complicating the threat landscape. Emerging technologies like generative AI (GenAI), 5G and connected devices are impacting the attack surface for many organizations, making it imperative for technology leaders and C-suite executives to collaborate closely on proper governance and agile cyber risk management. Multi-cloud and hybrid environments further complicate the technology estate and create additional points of vulnerability. Additionally, companies need to address the emerging threats that exist today and prepare for what is on the horizon. For example, becoming more agile with encryption can help companies avoid the risks associated with quantum computing, which is only a few short years away.

  • Navigating the dual-edged nature of GenAI: 78% of executives have increased their cyber investment in GenAI, with a strong focus on governance. While using GenAI can impact the cyber risk attack surface for most organizations, proper governance can help keep those risks at bay. Additionally, some organizations are even using GenAI for cyber defense, with use cases such as threat detection and response, threat intelligence and malware/phishing detection, helping to offset some of the heightened vulnerabilities this new technology can pose.
  • Investing in quantum preparedness: While adopting quantum computing remains years away, executives and the C-suite must stay invested in quantum-resistant technologies and post-quantum security measures to combat future threats.

4 Collaborative Strategies

While the accessibility of new technologies and the increased risks of leveraging them have made the jobs of threat actors easier, there are steps companies can take to both harden their defenses and bolster their resilience. Here are four actionable strategies technology executives and the C-suite can collaborate on to align their cyber risk management program with business objectives, bridge the gaps in their cyber resilience, navigate new and emerging threats and foster a culture of agility and proactivity. 

1. Make cybersecurity a strategic investment to strengthen cyber resilience

Sixty-nine percent of organizations plan to increase their cybersecurity budgets in 2025, indicating that businesses recognize the critical importance of robust cybersecurity measures in safeguarding their digital assets. While this investment is a positive step, particularly in data protection and trust, it is crucial to allocate resources strategically. Technology executives should focus on areas that provide the highest return on investment, such as advanced threat detection systems, endpoint security and employee training programs.

For the C-suite, it’s essential to understand the financial implications of cybersecurity investments and ensure they align with business goals and measurable outcomes. Leaders can track their ROI on cybersecurity in various ways, including reducing the percentage of downtime their company experiences as a result of an incident, reducing the number of cybersecurity incidents that must be reported to an external party, and increasing maturity scores from external assessments.

2. Foster alignment between cybersecurity and business objectives

Achieving alignment between cybersecurity strategies and business objectives requires collaboration across the C-suite. Our survey found a perception gap between security and IT executives and the rest of the organization regarding which threats and risks they see as most significant. For example, while 66% of tech executives rank cyber as the highest risk for mitigation, only 48% of business executives do the same.

This gap indicates that security and IT executives, who are more attuned to the day-to-day operational difficulties and potential vulnerabilities, may not effectively communicate these risks to the leadership team or may not have the opportunity to do so. One of the more challenging obstacles security and IT executives face is translating technical cyber threats into business risk language. The most effective CISOs can do this, so holding regular strategic planning sessions with the entire C-suite to communicate cyber risks in a way that makes sense for their counterparts will go a long way toward integrating cybersecurity initiatives into the organization’s overall business strategy.

CISOs should always be present when business decisions and strategies are finalized, ensuring they’re assessed for risk impact and whether additional security controls are required. Mapping cybersecurity tactics to the business objectives they support can help CISOs communicate their plans to fellow executives.

3. Shift from a reactive to a proactive cybersecurity strategy

This involves continuous monitoring of the threat landscape at both the tactical and strategic levels, conducting regular risk assessments and implementing predictive analytics to identify potential threats before they materialize. Technology executives should advocate for adopting a risk-based approach to cybersecurity, where resources are allocated based on the possible impact and likelihood of risks.

Creating a culture that prioritizes cybersecurity and resilience starts at the top. The C-suite must lead by example, emphasizing the importance of cybersecurity in all business operations. Measuring risk through regular training and awareness programs for employees at all levels can foster a proactive mindset while encouraging employees to report potential threats using the appropriate tools. Another proactive action security leaders can take is scheduling recurring tabletop exercises that simulate how their organization should respond in the face of a breach. They should start by performing the exercises at an operational level before taking them to the C-suite and, finally, the board.

4. Use a multifaceted approach to build and maintain digital trust

Organizations must prioritize data privacy and compliance with relevant regulations. In addition, transparency in data handling practices and clear communication with stakeholders about cybersecurity measures can enhance trust. Implementing robust incident response plans and demonstrating accountability during a breach are crucial components of maintaining digital trust.

We’re already seeing companies respond to regulatory requirements by investing more in cyber. According to the Digital Trust Insights (DTI) survey, 96% of executives increased their cyber investment in the last 12 months because of regulatory requirements. They’re seeing results, too: 78% believe that regulations have helped to challenge, improve, or increase their cybersecurity posture.

The bottom line is this: As we move forward in 2025, the ability to build and maintain resilience will be a key differentiator for businesses. Those who can effectively integrate cybersecurity into their overall strategy will be well-positioned to thrive in an increasingly interconnected world.

 

About the Author

Joe Nocera | PwC Cyber and Tech Risk Solution Leader

Joe Nocera is PwC’s Cyber and Tech Risk Solution leader and a Consulting Solutions partner in the Chicago office. He has over 26 years of experience focusing on cybersecurity, IT risk and large-scale systems implementation. As the Cyber and Tech Risk Solution leader, Joe spearheads the business development and solution activation efforts on cybersecurity for the US Cyber, Risk and Regulatory practice. He is passionate about understanding the technical challenges of cybersecurity and translating these into practical business solutions that are achievable in a corporate culture.

About the Author

Matt Gorham | Leader of PwC's Cyber & Privacy Innovation Institute

Matt Gorham is a senior managing director at PwC’s Cyber and Privacy Innovation Institute. Before his current role, he had a twenty-five-year career with the Federal Bureau of Investigation. Among other leadership roles during his tenure, Matt served as the Director of the National Cyber Investigative Joint Task Force (NCIJTF) and the Deputy Assistant Director of the Critical Incident Response Group (CIRG), where he oversaw the FBI's national crisis response assets. In his final FBI role, Matt served as the Assistant Director of the FBI’s Cyber Division, where he led all FBI cyber investigations and operations for nation state and criminal actors. In addition, he currently serves on the United States Secret Service Cyber Investigative Advisory Board. Matt is also a frequent contributor and speaker at PwC's Trust Leadership Institute, a forum for senior executives to explore leading insights on personal, organizational and societal trust.