(Based on findings from the 2025 Global Digital Trust Insights survey)
Cyber threats are growing faster than most organizations can keep up with. Advances in AI, cloud, and connected devices are widening the attack surface, while new regulations are raising the stakes for compliance. The result: cyber resilience is no longer optional. It is now a business-critical priority.
Yet the latest Global Digital Trust Insights survey of more than 4,000 executives across 77 countries shows that most companies still have a long way to go. Only 2% report that they have implemented resilience measures across all areas surveyed. Even more concerning, fewer than half say their CISOs are meaningfully involved in strategic planning or board-level discussions.
Where the gaps are
The survey revealed several critical shortcomings:
- Implementation: Few companies have enterprise-wide cyber resilience actions in place.
- Preparedness: Leaders feel least prepared to respond to the threats they worry about most, especially cloud risks, third-party breaches, and attacks on connected products.
- CISO involvement: Many organizations still sideline CISOs from strategic decision-making.
- Regulatory confidence: CEOs tend to be more optimistic than CISOs about meeting compliance requirements around AI, resilience, and critical infrastructure.
- Risk measurement: Fewer than half of companies measure cyber risk effectively, and only 15% track its financial impact in a meaningful way.
These gaps leave businesses exposed and slow down their ability to respond to fast-changing threats.
A shifting threat landscape
Organizations face mounting pressure from cloud vulnerabilities, hack-and-leak attacks, and third-party breaches. What leaders fear most are also the areas where they are least ready. This misalignment calls for better planning, more investment in response capabilities, and tighter collaboration across the executive team.
As one expert warned, attackers are increasingly skilled at exploiting weak spots like unpatched devices and poor access controls. Resilience requires vigilance across the entire organization.
The role of AI
Generative AI is creating both opportunity and risk. On one hand, it opens new attack vectors and makes cybercrime more sophisticated. On the other, companies are starting to harness GenAI to strengthen defenses, particularly in threat detection, intelligence, and phishing prevention. The challenge for leaders is to strike the right balance: adopting AI responsibly, while standardizing processes and tightening controls to minimize exposure.
Rising regulatory demands
Around the world, new rules are raising the bar for cyber resilience. Frameworks such as the EU’s Cyber Resilience Act, the AI Act, and the US’s CIRCIA highlight the global urgency to act. But the survey shows a confidence gap: CEOs are generally more upbeat about compliance than the CISOs who oversee it day-to-day. This signals a need for clearer communication and stronger alignment across the C-suite.
Measuring and investing in resilience
Cyber risk quantification is still underused, even though most leaders agree it’s critical for smarter investment and prioritization. Data challenges and reliability concerns hold many back, but organizations that can measure financial and operational impacts of risk are better positioned to allocate resources effectively.
When it comes to spending, priorities differ by role. Business leaders focus on data protection and trust, while technology executives are doubling down on cloud security. Regardless of perspective, both agree that building digital trust is becoming a competitive advantage. More than half of executives now see cybersecurity as a differentiator that strengthens customer loyalty and brand reputation.
The leadership challenge
Perhaps the biggest gap is in leadership alignment. Only a fraction of companies involve CISOs in the full range of strategic and operational decisions that shape security outcomes. Without enterprise-wide resilience measures and consistent C-suite collaboration, organizations remain dangerously exposed.
The way forward
Closing these gaps requires treating cybersecurity as a standing agenda item at the highest levels. Leaders should:
- Make resilience a shared responsibility across the C-suite.
- Ensure CISOs are embedded in strategic planning and reporting.
- Use AI responsibly, both to guard against and to defend against new threats.
- Stay ahead of evolving regulatory demands.
- Quantify and communicate cyber risks in business terms.
Cyber resilience is not about checking boxes. It is about protecting the future of the business, building trust with customers, and creating the ability to withstand disruption in a world where digital risk never stops evolving.