EuroFinance

Cybersecurity breaches are no longer a distant threat; they are a growing reality for both individuals and organisations worldwide. PwC’s 2025 Global Digital Trust Insights survey report sheds light on this pressing issue, revealing that 77% of organisations expect their cybersecurity budgets to increase in the coming year. Yet, only 2% have achieved full cyber resilience across their operations, exposing significant vulnerabilities. The survey, conducted with over 4,000 business and technology executives across 77 countries, underscores the urgency of the situation.

With 66% of tech leaders ranking cybersecurity as their top risk, the financial stakes are high—the average cost of a data breach among respondents is $3.3 million. Adding to these challenges, two-thirds (67%) of organisations report that generative AI (GenAI) has expanded their attack surface over the past year, according to the same report.

Debbie Kaya, senior director of treasury at Cisco Systems, an American multinational digital communications technology conglomerate, shared personal and professional perspectives on these challenges at the EuroFinance International Treasury Management 2024 in Copenhagen. Over the past six to eight months, she has received four notifications of data breaches, including from major service providers and a third party benefits provider for the company. “One breach, the National Public Data Breach, was particularly concerning as it involved my Social Security number,” she explained. “I had to take immediate action, including placing credit blocks and addressing vulnerabilities across multiple platforms.”

These incidents have forced Kaya to adopt stringent measures, such as minimising personal information on LinkedIn and avoiding social media, to mitigate exposure. “Because I’m in the treasury and my signature is all over the place, I have to be extra cautious,” she added.

In her professional life Kaya noted, “Dual authentication and increased internal security measures have become the norm.” However, she raised concerns about vulnerabilities in systems designed to prevent breaches, such as Know Your Customer (KYC) protocols. “My question to the banks is always, how can fraudulent corporate accounts still be established with all this KYC out there? There’s clearly more that needs to be done,” she states.

Robert Torvelainen, chair of the European Tech Alliance and head of EU Public Policy at Wolt, a Brussels-based trade association representing the interests of tech companies born and bred in Europe, emphasised the reputational stakes of cybersecurity. “If you get hit by breaches, it’s a major reputational hit today,” he explained. “Both businesses and consumers will look at you differently and reconsider whether to maintain a relationship.” Torvelainen underscored the strong incentive for businesses to prioritise cybersecurity as a competitive advantage.

From a regulatory perspective, Torvelainen notes, “Regulation often lags behind technological advancements. Auditors still rely on outdated checklists, which don’t align with modern, modular systems like ours at Wolt”. He advocates for a more a holistic approach: “If we want regulations to genuinely elevate standards, regulators need to better understand what drives safety and resilience in today’s digital ecosystems.”

Despite the challenges, there is a clear momentum toward action. According to the same PWC report, 30% of organisations expect cybersecurity budgets to grow by 6-10% next year, while 20% anticipate increases exceeding 11%. GenAI continues to be a double-edged sword in this landscape. While 78% of leaders have increased investments in the technology over the past year, incorporating it into cybersecurity strategies has proven challenging. Obstacles include integration with existing systems (39%) and the absence of standardised internal policies (37%).

A path forward

To combat rising threats effectively, organisations must adopt a multifaceted approach. This includes bolstering technological defences, fostering industry collaboration, and addressing regulatory gaps. As Kaya’s experience illustrates, the intersection of personal and professional vulnerabilities demands a holistic strategy. Similarly, insights from Torvelainen highlight the urgency of rethinking traditional methods and aligning investments with emerging threats. “Cybersecurity isn’t just about defence; it’s about trust,” says Torvelainen. “Businesses that prioritise robust systems and transparency will gain a competitive edge in the digital economy.”

Ultimately, cybersecurity is not just a technical challenge but a strategic imperative. The combined voices of industry leaders underscore the pressing need for action to safeguard both organisational integrity and consumer confidence.