Bangkok--30 Oct--PwC Thailand
- 91% of high-RQ companies maintain an accurate inventory of assets and refresh the list as needed
- 73% of high-RQ group have identified their most important business services
- 34% of high-RQ group members have shifted their mindset away from the traditional disaster recovery to "digital resilience by design"
With leading companies becoming more vulnerable to cyber attacks PwC's fourth Digital Trust Insights study uncovers practices that the top 25% of the 3,500+ respondents–the high resilience-quotient (high-RQ) group–have adopted to remain outperformers of their peers.
In the study, we found a high-RQ group that scored in the top 25% across three areas.
Overall, high-RQ members aim for these standards:
- Real-time visibility into critical assets and processes
- An enterprise-wide plan and response
- Continuous redesign of business services and processes
In essence, high-RQ group members have shifted their mindset away from the traditional—and myopic—disaster recovery/business continuity model to "resilience by design." This more expansive approach involves gaining real-time views of higher-priority processes so that decision makers and responders can react to incidents in concert, with minimal harm to the business.
Visibility into core processes, assets and dependencies
Without understanding how data assets and processes are connected to core business services and their interdependencies, an enterprise can't know which systems or assets to isolate if a disruption occurs. The most striking difference between the high-RQ group and the rest is this: 91% of high-RQ companies maintain an accurate inventory of assets and refresh the list as needed, compared to only 47% of the rest.
For large enterprises, IT assets run in the millions and connections in the hundreds of millions. But there are technologies now to map critical assets and processes in-depth. More than half of high-RQ entities have automated their inventory and mapping processes, compared to only 10% of the rest.
Defining and testing how much disruption your organisation can tolerate
It's not surprising that 73% of the high-RQ group have identified their most important business services, while only 27% of the rest have done so.
Organisations must set limits on the duration and the cost it's willing to bear--in short, its impact tolerances. About two-thirds of high-RQ respondents have set impact tolerances for critical business services, while only 24% of the rest of the survey respondents have done so.
And a final differentiator: Among the high-RQ group, 61% have mapped impact tolerances to business services, not just critical ones. Only 18% of the rest have done so. This is particularly important if disruptions result in paying contractual penalties to business partners.
Building digital resilience by design
Lastly, we asked if their organisation has implemented "digital resilience by design" across the enterprise, only 34% of High RQs said "yes." For the rest, that number drops to 14%.
Vilaiporn Taweelappontong, Consulting lead partner for PwC Thailand, comments:
"In an age where CEOs are facing ever-evolving threats from the cyber world, organisations must do more to become cyber resilient.
"This means preparing to withstand the impact from cyber attacks in a way that keeps the overall operation running smoothly and securely no matter what. An organisation that can detect and react to attacks promptly is likely to have a high level of resilience to adjust and rebound from disruptions. However, we probably see only a handful of Thai organisations developing this kind of cyber resilience. Most protective security measures are still mostly responsive rather than proactive."