How can enterprises build digital resilience for trust?

Stakeholder collaboration in building digital resilience is critical in today’s dynamic business landscape where disruptions are expected.

In brief:

• Building digital resilience is an imperative that requires the collective engagement of all stakeholders across the entire supply chain.
• The board and C-suite play a strategic role in driving such resilience and fostering trust through open communication with stakeholders in this journey.
• Balancing the need to address cyber and digital risks with innovation is crucial to help maintain long-term competitiveness.

Technology weaves through every aspect of life today and binds the global community in a web of interconnectivity. Yet, because this intricate network is not impervious to gaps and vulnerabilities in the dynamic digital realm, it’s only a matter of time before the next disruption occurs. While cyber attacks are often responsible for business disruptions, they are not the only threat to digital resilience that can potentially lead to devastating effects ranging from erosion of public confidence to penalties for regulatory non-compliance. For example, technological failures in recent years have resulted in severe negative consequences for various industries — sometimes on a global scale — underscoring the critical need for robust, extensive digital resilience strategies.

In the aftermath of disruptions, assigning responsibility can be potentially complex as interdependent digital ecosystems and supply chains blur lines of accountability. It is therefore critical to establish clear responsibilities and trust so that organizations and their stakeholders are much less vulnerable to repeated disruptions, which can erode consumer confidence. 

Strategic government role in building digital resilience 

Governments in Southeast Asia are increasingly aware of their important strategic role in building digital resilience. Mitigating critical information infrastructure risks is a key area of focus in Singapore’s Cybersecurity Act and Cybersecurity Code of Practice for Critical Information Infrastructure, Malaysia’s Cyber Security Act 2024, and Indonesia’s Presidential Regulation No. 82 of 2022 on Protection for Vital Information Infrastructure. 

In Singapore, the proposed Digital Infrastructure Act (DIA) is intended to complement the Cybersecurity Act and other regulatory levers.¹ The DIA seeks to go beyond cybersecurity to address a broader set of resilience risks faced by digital infrastructure and service providers. These range from misconfigurations in technical architecture to physical hazards, such as fires, water leaks and cooling system failures.

Such laws provide companies operating in the respective jurisdictions with crucial guidance on leading practices for protecting cyber and digital systems as they embark on their journey toward digital resilience. Building such resilience is not just the government’s responsibility; enterprises also play a vital role in this imperative to effectively address the threat of disruptions and foster stakeholder trust in the organization. 

Board and C-suite involvement and commitment 

Building digital resilience is not just an IT team’s responsibility; it necessitates full engagement from the board and C-suite executives. They oversee the company’s strategic direction in managing cyber and digital risk, investment, culture, and compliance. To build trust, the board must foster transparency by openly communicating digital resilience initiatives and progress to stakeholders — including customers, investors, regulators and partners — through annual reports, shareholder meetings and public communications. This approach builds confidence in the company’s ability to protect sensitive information, maintain business continuity and drive growth as well as its commitment to doing so.

The board and C-suite need to take several key steps when building digital resilience.

1. Build board and C-suite awareness 

Although board members and nontechnical C-suite executives are not expected to be technical experts in the cyber or digital domains, they must maintain a strong understanding of cybersecurity principles and the impact and risks of digital technologies. This would enable them to make informed strategic decisions to enhance digital resilience.

2. Invest in digital resilience 

Position digital resilience as a strategic business imperative so that resources are allocated effectively to the implementation of advanced technologies and employee training. Difficult decisions on strategic trade-offs in resourcing and investment must be made at the board level.

3. Build strong corporate governance 

It is crucial to establish policies and governance frameworks so that the company can comply with data protection laws, industry standards and international regulations across all geographies and jurisdictions where it operates. This would help avoid legal penalties or even criminal negligence, especially in jurisdictions where laws are stricter.

4. Foster a culture of digital resilience awareness 

Promote a culture of digital resilience awareness across the organization by emphasizing its importance in all aspects of the business from product development to employees’ practices. No single person or team is responsible for building digital resilience; it requires the involvement of all employees as the organization is only as strong as its weakest link. The goal is to inculcate a mindset of always considering cyber or digital risks in work among all employees.

5. Assess and manage cyber and digital risks 

Evaluate and manage risks associated with digital transformation and cybersecurity threats, including those related to the supply chain and third parties. Risks must be quantified to effectively assess the impact of incidents on the business in terms of reputational, financial, legal and operational damage. The board and C-suite would then need to decide on the company’s risk threshold and establish measures for risk transference, mitigation, avoidance and acceptance.