According to a report by PwC, Indian executives rank cybersecurity as their top risk mitigation priority (61 per cent), followed by digital and technology risks (60 per cent), inflation (48 per cent), and environmental risks (30 per cent) for the next 12-months.

The report revealed that 93 per cent of respondents anticipate an increase in their cybersecurity budgets next year, with 17 per cent planning to raise their budgets by 15 per cent or more, an increase of one per cent from last year. Additionally, 42 per cent of Indian business leaders are prioritising data protection and remediation in the aftermath of recent cyber breaches as their main cyber investment for the coming year.

As per the report, cloud-related threats remain the foremost worry, cited by 55 per cent of Indian executives as their most concerning cyber risk, marking a three per cent increase from the previous year. However, 50 per cent of security leaders and chief financial officers (CFOs) feel least prepared to address these threats in the coming year.

The report also stated that all security leaders and CFOs have stated that regulations have prompted them to boost their cyber investments with 74 per cent enhancing or strengthening their cybersecurity stance. It underscores the critical role of strategic investments and regulatory compliance in shaping a resilient cyber future for Indian businesses.

Further reinforcing the shift towards advanced technological defences, the report highlights that generative artificial intelligence (GenAI) is at the helm of cyber investment priorities, with 87 per cent of organisations having boosted their investments over the last 12 months. Additionally, 86 per cent of organisations have increased their spending on AI governance as part of their risk management strategies. Furthermore, 80 per cent of Indian companies are highly confident in their ability to comply with AI regulations.

Despite all efforts, the impact of cyber incidents remains substantial. The percentage of security leaders in India reporting a data breach with costs exceeding $ 20 million has decreased by three per cent from last year to eight per cent. Additionally, 44 per cent of leaders have experienced a data breach costing over $500,000 in the past three years. More than 33 per cent of leaders indicate that most of their serious data breaches within the last three years have incurred costs of no less than $1 million.

Commenting on the report, Sivarama Krishnan, partner and leader, risk consulting, PwC India and leader of APAC cyber security and Privacy, PwC, said, “From the boardroom to operational teams, it is essential that business leaders hold each other accountable and respond to the evolving landscape of cyber threats. By embracing advanced technologies, adhering to foundational cybersecurity principles, and allocating resources effectively, organisations need to stay committed to fortifying defences and safeguarding their future.”

He added, “Although a majority of senior leaders acknowledge the importance of quantifying cyber risk to prioritise investments, only one-fifth of organisations are adopting thorough risk quantification methodologies. This disparity highlights an overlooked opportunity that must now be addressed. Developing a dependable cyber risk quantification system is crucial for informed decision-making and prioritising strategic investments.”

Meanwhile, Manu Dwivedi, partner and leader, cybersecurity and risk consulting GCC, PwC India, said, “Advances in emerging technologies such as AI and the increased adoption of cloud services have significantly expanded the attack surface for enterprises. This trend underscores the necessity for a flexible, enterprise-wide resilience strategy. Organisations must align their priorities and readiness at every level to safeguard security and ensure seamless business continuity.”

In addition, Sundareshwar Krishnamurthy, partner and leader, cybersecurity, PwC India, said, “Cyber regulations are consistently driving heightened cybersecurity spending, with every executive surveyed acknowledging that regulatory mandates have driven them to bolster their security measures. Close to three-fourths of these executives report that these regulations have tested, upgraded, or strengthened their cybersecurity stance. Compliance should be seen not as a mere tick-in-the-box exercise, but as a strategic opportunity to build long-term resilience and foster trust with stakeholders.”