Wednesday 15 Jan 2025

This article first appeared in Digital Edge, The Edge Malaysia Weekly on August 12, 2024 - August 18, 2024

The recent global IT incident serves as a stark reminder that even the most advanced organisations are vulnerable to unforeseen digital disruptions.

In the absence of a comprehensive regulatory framework, such as the European Union’s Digital Operational Resilience Act or the UK’s Financial Conduct Authority’s Operational Resilience Policy Statement PS21/3, the recent incident, echoing across industries, raises questions on business resilience.

It underlines the urgent need not only for regulators to accelerate the development and implementation of similar policies, but also for Malaysian businesses to take the lead on implementing robust resilience strategies.

Grounded approach to resilience

While technology powers modern businesses, it is essential to recognise its inherent risks. That a system designed to protect could unexpectedly cause widespread outages highlights the complexity of the digital landscape. To safeguard critical operations, organisations must adopt a holistic, enterprise-wide approach to resilience. What can businesses learn from the experience?

• A business fortress beyond IT: Identify and map your business’s critical functions and dependencies, including third-party services. Establish a third-party risk management programme to manage and monitor these dependencies, ensuring external partners adhere to your resilience standards.

• Technology is a double-edged sword: Technical changes, from routine maintenance to major upgrades, can trigger IT incidents. The interconnected nature of systems and third-party services today amplifies the potential for disruption. A strict, systemic approach to managing modifications, including testing these changes on selected IT assets before full deployment, is crucial to preventing total service outages.

• Partnerships for success: Set key resilience indicators and exercise plausible, severe scenarios. Digital supply chain vulnerabilities can be minimised when you bring critical third-party providers together to embed and rehearse a joined-up response capability, ensuring they share your commitment to resilience.

• The human factor: Effective crisis response demands strong leadership, clear communication and coordinated action. Regular crisis simulations and training are essential to build the necessary skills and reflexes.

Acting in unison

Building resilience requires a concerted effort and it starts at the top. Executive leadership should prioritise resilience as a strategic imperative and establish clear accountability and reporting mechanisms.

Operationalising resilience requires these C-suite executives to work together:

• The chief information officer and chief information security officer enhance change management processes, strengthen incident response capabilities and foster collaboration with business units;

• The chief operating officer maps critical business services, identifies vulnerabilities and stress-tests contingency plans; and

• The chief risk officer conducts regular risk assessments and scenario planning to anticipate potential threats and develop mitigation strategies, including understanding how your insurance will respond to situations like the recent outage.

The digital age brings unprecedented opportunities, but it also comes with significant risks. By adopting a proactive and holistic approach to resilience, Malaysian businesses can mitigate disruptions, protect their bottom line and emerge stronger from challenges.

Resilience is not just about surviving crises; it’s about thriving in the face of adversity.


Clarence Chan is a digital trust and cybersecurity leader at PwC Malaysia
