CISOs are seemingly alone in their concerns about ransomware

However, cloud vulnerability keeps executives of all stripes awake

CISOs appear to be the only executives who lie awake at night worrying about ransomware. This form of cybercrime is a major concern for 42 percent of them, while other executives don’t even put it in their top three biggest IT-related threats.

Threats specifically affecting cloud environments, on the other hand, generally rank high on decision-makers’ agendas: For 42 percent of them, they top the list of cyber concerns, according to PwC’s 2025 Global Digital Trust Insights.

One reason cloud threats score so high may be that organizations feel ill-prepared to deal with such dangers. Indeed, in the same report, 34 percent of respondents admitted to not (yet) having an adequate response to this form of threat.

Top five threats

PwC’s survey was conducted among more than 4,000 respondents and provided insight into the most important IT concerns to managers and executives. In addition to the aforementioned threats in cloud environments (think insecure APIs, DDoS attacks, misconfigurations or the use of unauthorized services), these include so-called hack-and-leak operations, i.e. data theft after a successful hack (38 percent), breaches in third-party services such as data vendors (35 percent), attacks on connected infrastructure such as IoT devices (33 percent) and ransomware (27 percent).

Interestingly, ransomware scores lower for most executives, but actually appears to be a major concern for CISOs when looking at the numbers for this group separately, possibly because they are more aware of the havoc it can wreak.

Cloud makes companies vulnerable

The increasing complexity of the cybersecurity landscape is making it harder for companies to keep up. The report points to a growing attack surface, due precisely to the move to the cloud that many companies have made in recent years. AI, connected devices and the high degree of dependence on intermediaries and vendors are also cause for concern. Dealing with this properly “demands an agile, enterprise-wide approach to resilience,” the report warns.

AI proves to be a double-edged sword. Respondents call it both a powerful tool for their IT line of defense and a dangerous weapon for attackers. Consequently, although 78 percent of organizations have put more money into AI-driven solutions, 67 percent of them feel that AI has also made them more vulnerable to cyber attacks, more than any other development in the past year. Despite all these concerns, companies are widely deploying AI for critical cybersecurity workloads, particularly detecting and mitigating threats and vulnerabilities.

Plenty of work remains

In any case, plenty of work remains to be done, as nearly 80 percent of tech executives expect to spend more next year to beef up security. Only 2 percent of companies surveyed say they are already sufficiently resilient across the board. Not taking action costs money: on average, a data breach quickly costs 3.3 million dollars (nearly 3 million euros).

Those surveyed believe regulation has had a positive impact. The PwC report shows that organizations have had to tighten up their security under pressure from regulations such as the GDPR and the NIS2 directive. Although there are some misgivings about their implementation, 80 percent believe that legislation has motivated them to raise their own security to a higher level. Consequently, 96 percent of all respondents feel that it has contributed to a better daily handling of security.
