Lack of Cyber Risk Quantification Leaves Companies Financially Exposed, PwC Report Finds

A new PwC report reveals a significant gap in how companies quantify and manage their cyber risks financially. The 2025 Global Digital Trust Insights survey, which polled 4,042 business and technology executives from 77 countries, found that only 15% of organizations are measuring the financial impact of cyber risks to a significant extent.

This low adoption rate of cyber risk quantification practices could leave many companies financially vulnerable to cyber threats. The report, released on September 30, 2024, highlights several key areas where organizations are falling short in their cyber risk management efforts.

While executives largely agree that measuring cyber risk is crucial for prioritizing cyber risk investment (89%) and allocating resources to areas of highest risk (87%), the vast majority are not putting this into practice. This disconnect between recognition and implementation represents a significant missed opportunity for many companies to better manage their cyber-related financial risks.

Barriers to Cyber Risk Quantification

The report identifies several obstacles hindering the wider implementation of cyber risk quantification:

1. Data issues (cited by 44% of respondents)
2. Scope uncertainty
3. Legal concerns
4. Lack of trust in the reliability of quantification outputs

These challenges are preventing many organizations from gaining critical intelligence that could inform board decisions and capital allocation strategies.

The lack of effective cyber risk quantification has direct implications for how companies allocate their cybersecurity resources. The report finds that only 21% of organizations usually allocate their cyber budget to the top risks facing the organization. This suggests that many companies may be misaligning their cybersecurity investments, potentially leaving critical vulnerabilities unaddressed.

Cybersecurity Budgets on the Rise

Despite challenges in risk quantification, 77% of executives expect their organization’s cyber budget to increase next year. This trend is particularly pronounced in North America and in the technology, media, and telecom (TMT) sector, where 82% anticipate budget increases.

However, without effective risk quantification practices, these increased budgets may not be optimally allocated to address the most pressing cyber risks.

For the coming year, organizations are prioritizing investments in:

1. Data protection and trust (48% of business executives)
2. Cloud security (34% of tech executives)
3. Tech modernization and optimization (43% of business executives)

These priorities reflect the growing importance of data security and the ongoing shift to cloud-based technologies. However, without robust risk quantification, it remains unclear whether these investments align with the areas of greatest financial risk.

Cybersecurity as a Business Differentiator

The report reveals a growing recognition of cybersecurity as a key differentiator for competitive advantage. 57% of executives cite customer trust as an area influenced by cybersecurity, while 49% point to brand integrity and loyalty.

This shift in perspective underscores the potential financial benefits of strong cybersecurity practices, beyond mere risk mitigation. Effective risk quantification could help organizations better understand and communicate these benefits to stakeholders.

Recommendations for Treasury Teams

Based on the findings, corporate treasury teams should consider the following actions:

1. Advocate for the implementation of cyber risk quantification practices within their organization
2. Collaborate with cybersecurity teams to understand and quantify potential financial impacts of cyber risks
3. Use risk quantification data to inform cyber insurance decisions and coverage levels
4. Incorporate cyber risk assessments into financial planning and forecasting processes
5. Work with the CISO and CFO to align cybersecurity investments with areas of greatest financial risk
6. Develop metrics to track the financial return on cybersecurity investments

Characteristics of Top Performers

The report identified a group of top-performing organizations that consistently demonstrate leading cybersecurity practices. These top performers are more likely to:

• Measure the financial impact of cyber risks effectively
• Allocate cyber budgets to top organizational risks
• Have higher confidence in their ability to comply with regulations

Notably, there is a 69 percentage point gap across all behaviors between top performers and the overall global respondents.

The PwC 2025 Global Digital Trust Insights report highlights a critical gap in how organizations manage their cyber-related financial risks. The low adoption rate of cyber risk quantification practices leaves many companies potentially exposed to significant financial impacts from cyber threats.

For corporate treasury teams, this underscores the need to take a more active role in cybersecurity risk management. By advocating for and participating in cyber risk quantification efforts, treasury professionals can help their organizations make more informed decisions about resource allocation, insurance coverage, and overall financial strategy in the face of evolving cyber threats.

As cyber risks continue to grow in complexity and potential financial impact, effective quantification of these risks is becoming not just a best practice, but a crucial component of sound financial management. Organizations that can effectively quantify and manage their cyber risks stand to gain a significant advantage in protecting their financial assets and building stakeholder trust.