Boosting digital resilience is the best defense against cyber attacks

PwC’s Digital Trust Insights

● ​ ​ ​ ​ Companies that are successful in withstanding a cyberattack (displaying a ‘high resilience-quotient’) master three essential capabilities. They:

  • have a full inventory of assets and refresh as needed (91%)
  • have identified their critical business services (73%)
  • have mapped impact tolerances to both critical and non-critical business services (61%)

● ​ ​ ​ ​ Although 69% of Belgian CEOs are worried about cybercrime, no less than 75% believe that their organisation can withstand a cyber attack, suggesting there is still a long way to go in terms of raising awareness.

22 October 2019 - Ransomware is the fastest growing cyber threat with an average of more than 4,000 ransomware incidents occurring daily, according to the US’s Federal Bureau of Investigation (FBI). “Good enough” just isn’t enough anymore when it comes to protecting data and information. In the latest PwC’s Digital Trust Insights study, PwC asked 3,500 business and IT leaders around the world about their digital resilience.The goal was to determine which companies are prepared to withstand and recover quickly from a cyber attack as well as to understand how these operations have developed this expertise. The results show that businesses with the most mature strategies are also the most likely to have revamped resilience plans in the face of new “very significant” threats.

Introducing resilience by design

PwC reports that 25% of the global respondents fit in the highly resilient quotient group (high RQ). These companies are more likely than other respondents to have revamped strategies in the face of new threats. This high-resilience quotient (high-RQ) group has shifted their mindset away from traditional ​ disaster recovery model to ‘resilience by design’ ​ This more expansive approach involves gaining real-time views of higher-priority processes so that decision makers and responders can react to incidents in concert, with minimal harm to the business. In essence, they focus on three areas:

  • visibility into critical processes, assets and dependencies;
  • defining and testing how much disruption their organisation can tolerate;
  • building digital resilience by design

Businesses in the high-RQ group are more likely to have revamped strategies in the face of new, “very significant” threats (59% vs. 31% of the rest of the survey respondents). They’re also more confident that they can manage emerging risks that test cyber resilience (73% vs. 24%).

Confirming the CIS Controls™ ​ top 20

Without understanding how data assets and processes are connected to core business services and their interdependencies, an organisation can’t know which systems or assets to isolate in case of an attack. The most striking difference between the high-RQ group and the rest is this: 91% of high-RQ companies maintain an accurate inventory of assets and refresh the list as needed, compared to only 47% of the rest.

The results of our research confirm the top two of CIS Top 20 Critical Security Controls™ to protect an organisation and data from known cyberattack vectors: firstly, build and maintain an inventory of devices and secondly, build and maintain an inventory of software,” says Ingvar Van Droogenbroeck, partner and Cyber & Privacy leader at PwC Belgium. “We also focus on these controls when working with clients that are building information management systems in accordance with the ISO 27001 information security management standard.”

Only as strong as the weakest link

For large enterprises, IT assets run in the millions and connections in the hundreds of millions. But there are technologies to map critical assets and processes in-depth. More than half of high-RQ entities have automated their inventory and mapping processes, compared to only 10% of the rest.

Too often, organisations don’t have an accurate and complete overview of their IT estate, let alone the dependencies within and between assets, and therefore lack an understanding of which are critical for their operations. If then there is a major setback, recovery will be difficult and costly,” explains Ingvar Van Droogenbroeck, partner and Cyber & Privacy leader at PwC Belgium. “If there are hardware or software components that you’re unaware of in your system, it’s unlikely they are fully patched or properly secured, making them an easy entry point to your entire infrastructure.

Be prepared

It’s worth noting that 73% of the high-RQ group have identified their most important business services, while only 27% of the rest have done so. Organisations must set limits on the duration and the cost they’re willing to bear - their impact tolerance. In too many cases, organisations also have no strong business continuity plan in place. Because priorities differ by department, what is really critical may then need to be identified during the crisis, complicating and extending the recovery.

Belgian CEOs are also increasingly concerned. This was also confirmed that 69% of Belgian CEOs are worried about cybercrime as shown by our latest CEO Outlook survey 2019. 72% of Belgian CEOs recognise that their organisation or company could potentially become a target for geopolitical cyber activities. No less than 75% of Belgian CEOs believe that their company or organisation can withstand a cyber attack. This certainly suggests that there is still a long way to go in terms of raising awareness.

 “Worse still, in many organisations documentation is lacking or not update-to-date. If information resides with only one or two key individuals, your survival may depend on the availability of those people during the crisis,” Ingvar Van Droogenbroeck says.

View the Digital Trust Insights September 2019 report here.

 

Contact

Erik Oosthuizen

erik.oosthuizen@pwc.com

+32 490 582 284

www.pwc.com

Share

Latest stories

Website preview
Identity is now the number one cyber-attack vector
New PwC study shows how the way hackers get into organisations has changed
press.pwc.be
Website preview
"The challenges are clear, the ambition is there but the path isn't, yet"
30 March 2026, Diegem - Belgian HR leaders are keenly aware of the seismic workforce shifts ahead. A new survey with Belgian HR decision makers conducted by PwC Belgium still finds critical gaps in data capability, change management, regulatory readiness, and strategic positioning are leaving organisations exposed at a time when speed of reinvention is everything. PwC Belgium’s CHRO Survey reveals a workforce transformation paradox. The will is there, but the wiring isn't. HR leaders aren't short on ambition. “The real challenge is closing the gaps and turning that ambition into results. Whether it's upgrading systems, building new skills, rethinking reward, ensuring legal compliance, or earning a stronger voice at the strategy table. The gap between what HR wants to do and what it actually delivers is where the story gets interesting”, says Axel Smits, Workforce Services Leader at PwC Belgium.
press.pwc.be
Website preview
Students get chance to test their AI skills
PwC runs AI escape game sessions in campus cities
press.pwc.be

Get updates in your mailbox

By clicking "Subscribe" I confirm I have read and agree to the Privacy Policy.

About PwC Belgium

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 364,000 people in 137 countries. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. 

© 2025 PwC. All rights reserved. 

Contact

Culliganlaan 5 1831 Diegem

+32 (0)2 710 42 11

www.pwc.be