Global Crisis and Resilience Survey​ 2023​

No resilience without cyber security

Heaser Bild
  • Article
  • 3 Minute Read
  • 19 May 2023

Crises, disruptions, disruptions - the environment in which companies operate has changed radically in recent years. Volatility and uncertainty have become a normal state of affairs. This makes it increasingly difficult for managers to make the right decisions. 

In the course of the Global Crisis and Resilience Survey 2023, PwC researched how companies around the world are dealing with this new normal. 

One key finding: more and more decision-makers are making resilience a top strategic priority. Among other factors, protection against growing cyber threats such as ransomware or industrial espionage is driving many companies to build and develop integrated resilience programmes. However, the results of the survey also show that German companies need to catch up in a global comparison. 

The most important thing in 30 seconds

  • 89% of decision-makers say that resilience is one of the most important strategic priorities of their company.
  • For many companies, concern about cyber attacks and the resulting disruptions is a key driver to build more resilience.
  • Because German companies still do not think enough about their IT security strategy together with the development of their resilience programmes, there is a certain amount of lagging behind in international comparison.  

Your expert for questions

Grant Waterfall - PwC

Grant Waterfall
Partner and Cyber Security & Privacy Leader at PwC Germany

Consistently dovetail cyber security and resilience strategy

Digitalisation has forced many organisations to rethink their processes and measures for the security of data and information. In this process, risk analysis plays a critical role in order to take appropriate security measures. Effectively addressing acute security issues requires not only the use of the right software, but also smart communication and efficient management of acute risks to ensure security in every situation.

The Global Crisis and Resilience Survey 2023 makes it clear that no company is any longer protected from unexpected events with far-reaching consequences. 67% of German companies reported that their most serious disruption had a moderate to severe impact on operations and affected critical business processes and services.

The likelihood of such an event being a cyber attack is anything but low. Business interruptions due to such attacks are one of the biggest concerns in most organisations with a view to the next two years. The logical consequence: investments. According to the Global Crisis and Resilience Survey 2023, 85% of German companies (globally: 87%) plan to allocate more resources to their cyber resilience. Nevertheless, crucial factors for a distinct level of protection are still being neglected in some companies. One in ten companies does not invest in threat monitoring or disaster recovery.

A direct comparison between the global results and the German figures shows that local companies do not yet sufficiently integrate important cyber functions into their resilience programmes.

Business continuity management (BCM), for example, is only linked to the resilience programme in 19% of German companies – the global average is 40%. German companies are also far below the international average in some cases when it comes to incident response (37% to 24%) and cyber recovery (41% to 34%). The most important steps are therefore obvious: in order to remain capable of acting in the event of serious cyberattacks, decision-makers must better dovetail their resilience and IT security strategies. 

Business resilience is critical in today’s digital era, as threats and risks are constantly changing and evolving. An analysis of processes and measures to address challenges is therefore necessary to ensure organisational resilience in the long term. Here, management plays an important role in taking the right measures, evaluating relevant information and continuously improving processes.

Any questions?

Contact our experts

“Cybersecurity must not only take place in isolated silos, but must take effect along the entire value chain. Companies that consistently integrate cyber security into their overarching resilience programmes therefore have a clear advantage.”

Grant Waterfall, Cyber Security & Privacy Leader at PwC Germany
Follow us

Contact us

Grant Waterfall

Grant Waterfall

Partner and Cyber Security & Privacy Leader, PwC Germany

Dr. Alexander Köppen

Dr. Alexander Köppen

Partner, Cyber Security & Privacy Strategy, Risk and Compliance, PwC Germany

Tel: +49 1512 9608-114