PwC’s 2025 Global Digital Trust Insights Survey, conducted between May and July 2025 among 3,887 executives across 72 countries, reveals how geopolitical turbulence and rapid technological change are reshaping cybersecurity priorities. Leaders are navigating fractured supply chains, evolving trade alliances and the accelerated adoption of artificial intelligence. While most recognise cyber resilience as a strategic necessity, capability gaps persist. The survey, covering organisations across industries such as healthcare, financial services, manufacturing, technology, energy and government, shows that investment intentions are high but unevenly distributed. With global dependencies shifting, executives are striving to balance innovation and security while preparing for future risks, including quantum computing.
Geopolitics Reshape Cyber Priorities
Geopolitical instability has become a defining force in corporate cyber strategy. According to PwC’s findings, six in ten executives now rank cyber risk investment among their top three strategic priorities, reflecting a shift from viewing cybersecurity as a technical function to an essential business enabler. The ongoing fragmentation of global markets and rising regulatory divergence are influencing decisions on infrastructure location, trade, operating models and cyber insurance.
Despite strong strategic focus, confidence in resilience remains uneven. Around half of respondents report being very capable of managing attacks targeting specific vulnerabilities, yet only a small minority say they are highly capable across all critical areas. This imbalance exposes weaknesses in enterprise-wide readiness, suggesting that resilience is still being built in silos rather than through integrated frameworks.
Must Read: The Fragile Web of Healthcare Cybersecurity
For healthcare organisations, which depend on secure and uninterrupted digital systems, these gaps carry tangible operational implications. Exposure at the level of identity and access management, third-party risk or cloud security can disrupt clinical services and data flows. As leaders embed cyber risk deeper into business strategy, alignment between investment and implementation becomes essential. The findings indicate that, while executive awareness has grown, consistent application of robust controls and recovery mechanisms remains a work in progress across industries.
Proactive Spend, AI And Managed Services
Cyber spending patterns suggest that prevention still lags behind reaction. About two thirds of organisations report splitting cyber budgets evenly between proactive and reactive measures, while only a quarter dedicate significantly more to prevention. Yet reactive costs—spanning remediation, recovery, litigationand reputational repair—are often far greater than anticipated. The data underscores the need for stronger investment in continuous monitoring testing and training to reduce total exposure and accelerate recovery when incidents occur.
Artificial intelligence is emerging as a cornerstone of near-term capability building. AI enablement of security operations ranks among the highest investment priorities, particularly in areas such as threat hunting, event detection, behavioural analytics, identity management and vulnerability scanning.The survey also highlights growing interest in agentic AI—autonomous or semi-autonomous tools that can act on predefined security logic to enhance detection and response across data protection and cloud environments.
However, the full potential of AI remains constrained by workforce limitations. Respondents cite knowledge and skills gaps as the leading obstacles to deploying AI-driven defences effectively. More than half are therefore prioritising AI and machine learning solutions to augment teams, supported by initiatives in automation, tool consolidation and upskilling. As threats evolve faster than human capacity to respond, automation is viewed as the most efficient path to scale capability.
Specialised managed services are gaining momentum as organisations seek continuous coverage and expertise. Many enterprises that have faced major cyber incidents now rely on partners to manage AI, cloud security, threat management and data protection functions. Others are extending outsourcing to areas such as network and endpoint protection, supply chain risk, application security and identity governance. The analysis suggests a shift toward hybrid models where internal teams focus on strategic oversight while external partners deliver operational depth. This structure allows rapid adaptation to complex threats without overextending in-house resources.
Quantum-Ready Security Lags
While AI accelerates transformation, preparation for quantum-era threats remains limited. Quantum computing ranks among the risks for which organisations feel least prepared. Fewer than one in ten respondents have allocated budget priority to quantum-resistant security, and only a small proportion have implemented all leading mitigation measures. Nearly half have not yet started exploring quantum-resistant cryptography or have not considered it at all.
Given that migrating to post-quantum encryption could take years, delayed planning risks extended vulnerability for sensitive data and authentication systems. Cryptographic algorithms currently considered secure may be rendered obsolete once quantum capabilities mature, potentially exposing long-term records, research data and confidential communications. Establishing inventories of cryptographic assets and designing phased migration roadmaps can mitigate this risk, but progress remains slow.
The limited readiness signals a broader pattern: many organisations are advancing on immediate threats such as ransomware or phishing but deferring long-term resilience work. As geopolitical and technological shifts converge, this reactive posture could amplify systemic risk, particularly for sectors managing personal or mission-critical data. Proactive engagement with suppliers, early testing of quantum-resistant protocols and integration into security roadmaps are becoming vital to maintain trust and compliance in the years ahead.
PwC’s 2025 global survey illustrates a complex but decisive shift in cyber governance. Executives are elevating cybersecurity investment, harnessing AI to offset workforce constraints and expanding managed service partnerships to reinforce defences. Yet the balance of spending remains tilted toward reaction rather than prevention, and readiness for quantum threats lags far behind.
To build durable resilience, organisations must translate strategic intent into sustained execution, shifting budgets toward prevention, integrating AI responsibly and preparing early for cryptographic change. For healthcare and other critical sectors, the stakes are particularly high: secure systems underpin patient safety, operational continuity and regulatory trust. Strengthening cyber foundations while anticipating technological disruption will be key to ensuring stability and confidence in an increasingly uncertain digital era.
Source: PwC
Image Credit: iStock
