Crises, disruptions, disruptions - the environment in which companies operate has changed radically in recent years. Volatility and uncertainty have become a normal state of affairs. This makes it increasingly difficult for managers to make the right decisions.
In the course of the Global Crisis and Resilience Survey 2023, PwC researched how companies around the world are dealing with this new normal.
One key finding: more and more decision-makers are making resilience a top strategic priority. Among other factors, protection against growing cyber threats such as ransomware or industrial espionage is driving many companies to build and develop integrated resilience programmes. However, the results of the survey also show that German companies need to catch up in a global comparison.
Your expert for questions
Grant Waterfall
Partner and Cyber Security & Privacy Leader at PwC Germany
Email
Digitalisation has forced many organisations to rethink their processes and measures for the security of data and information. In this process, risk analysis plays a critical role in order to take appropriate security measures. Effectively addressing acute security issues requires not only the use of the right software, but also smart communication and efficient management of acute risks to ensure security in every situation.
The Global Crisis and Resilience Survey 2023 makes it clear that no company is any longer protected from unexpected events with far-reaching consequences. 67% of German companies reported that their most serious disruption had a moderate to severe impact on operations and affected critical business processes and services.
The likelihood of such an event being a cyber attack is anything but low. Business interruptions due to such attacks are one of the biggest concerns in most organisations with a view to the next two years. The logical consequence: investments. According to the Global Crisis and Resilience Survey 2023, 85% of German companies (globally: 87%) plan to allocate more resources to their cyber resilience. Nevertheless, crucial factors for a distinct level of protection are still being neglected in some companies. One in ten companies does not invest in threat monitoring or disaster recovery.
A direct comparison between the global results and the German figures shows that local companies do not yet sufficiently integrate important cyber functions into their resilience programmes.
Business continuity management (BCM), for example, is only linked to the resilience programme in 19% of German companies – the global average is 40%. German companies are also far below the international average in some cases when it comes to incident response (37% to 24%) and cyber recovery (41% to 34%). The most important steps are therefore obvious: in order to remain capable of acting in the event of serious cyberattacks, decision-makers must better dovetail their resilience and IT security strategies.
Business resilience is critical in today’s digital era, as threats and risks are constantly changing and evolving. An analysis of processes and measures to address challenges is therefore necessary to ensure organisational resilience in the long term. Here, management plays an important role in taking the right measures, evaluating relevant information and continuously improving processes.
“Cybersecurity must not only take place in isolated silos, but must take effect along the entire value chain. Companies that consistently integrate cyber security into their overarching resilience programmes therefore have a clear advantage.”
Dr. Alexander Köppen
Partner, Cyber Security & Privacy Strategy, Risk and Compliance, PwC Germany
Tel: +49 1512 9608-114