According to PwC’s annual Global Digital Trust Insights Survey, 27% of companies globally have suffered a data breach that cost them $1 million to $20 million in the past three years. That rises to 34% for organizations surveyed in North America. Only 14% of companies globally indicated they hadn’t suffered a data breach at all during that span.

The survey is based on responses from 3,500 senior executives across 65 countries. Despite the cost of attacks, fewer than 40% of respondents expressed they have fully mitigated cybersecurity risk across areas including remote and hybrid work, accelerated cloud adoption and increased use of internet of things. Moreover, about 90% of operations-focused executives indicated worries about supply-chain cyber risk.

How to handle the problem? Among respondents, 79% favored mandatory disclosure of cyber incidents. But, only 42% of executives surveyed expressed full confidence that their organization can require mandated disclosure within the required time frame.

“It’s clear from our survey that a higher level of public-private collaboration is needed to address the increasingly complex cyber threat landscape—companies are calling for increased information sharing and transparency as well as a consistent format for mandatory disclosure of cyber incidents," PwC’s Sean Joyce said in a statement.

The results come just weeks after another recent PwC survey showed that a plurality of business leaders (40%) named cybersecurity the No. 1 risk facing their companies. Other research lately further highlights the threat. According to a study by cybersecurity firm Venafi, 81% of organizations have suffered a cloud-related security incident in the past 12 months, while 45% endured four or more incidents.

Of all publicly acknowledged ransomware incidents between January 2020 and July 2022, almost half targeted U.S.-based businesses, more than in Canada or the UK, according to a report by file encryption software vendor NordLocker.