When it comes to experiencing failure of at least part of an enterprise’s digital environment, it is a matter of “when” rather than “if.” Fifty-nine percent of insurance executives surveyed by Accenture Strategy said that their organizations experience significant attacks that test the resilience of their IT systems daily or weekly. Operational technology systems are subjected to cyber attacks nearly every day.
As digital capabilities increasingly become the glue that bonds sophisticated enterprises, downtime is not just costly but untenable. Failures and hostile cyber actions have profound impacts on enterprise performance—even enterprise viability. Yet, combined properly, the same technologies that are driving the digital enterprise can enable resilience at a level not possible before.
Savvy organizations are self-aware, with a realistic sense of their own weak spots in both information technology (IT) and operational technology (OT). Many insurers, however, have a long way to go. Just 5 percent of insurers run inward-directed attacks and intentional failures to test their systems, fewer than half of insurers map and prioritize their security, operational and failure scenarios, and only 52 percent have produced threat models for existing and planned business operations.
While executives assess and shore up security around their own enterprises, they must also look farther afield, considering the impact of breaches on other members of their network. Timely adjustment requires both resilience and agility—organizations need to move quickly to maintain operations, address the outage and bounce back from any damage they may incur.