Six major gaps in resilience – and what need to be done to bridge them.

A new research report developed by EconomistImpact and supported by Telstra International, examines how organizations in APAC cope with technology disruptions, from cyber incidents to system failures, supplier outages, governance gaps, and decision‑making, particularly under real-world pressure.

The research is based on a survey of 1,420 senior executives across 11 APAC markets, with benchmarks from the United States, United Kingdom, and Germany.

Key findings from the report include:

  • Ecosystem resilience is the weakest link in digital resilience efforts
    APAC organizations are confident in their internal measures, such as training and testing, but confidence fades beyond their boundaries: only 12% have first-hand insight into suppliers’ resilience. 
    Limited information-sharing, infrequent joint simulations and weak partner governance make ecosystem interdependencies the main source of resilience failure. 
    Without active governance of key partners, disruptions spread easily, no matter how strong internal controls are. Such governance should include setting shared standards, conducting joint tests and ensuring clear visibility into third-party risks.
  • Workforce preparedness remains foundational rather than future-ready
    Resilience grows when planning and training focus on the ability to respond. Organizations must instil adaptive behaviors such as cross-functional co-ordination and under-pressure decision-making. The emphasis should be on how quickly teams can reorganize work when systems fail.
    Organizational gaps, not tools, derail incident response
    Organizations plan widely for responding to threats of digital disruption. But less than one-quarter (23%) of responses to real threats go according to plan. 
    Plans fail not due to a lack of technology, but because decision-making, co-ordination and authority structures break down in practice. Organizations cannot rely on technology investment alone to strengthen resilience.
  • Confidence is limited in external resilience enablers
    Executives express strong confidence in cybersecurity policy and planning (57%) but are far less assured in other external enablers of resilience, including the reliability of communications networks, regulatory clarity and the stability of power supply. 
    This uncertainty requires organizations to factor in redundancy and enable degraded-mode operations, across regions and cloud providers.
  • Risk management is largely reactive and monitoring is limited
    Most organizations have formal risk management frameworks, but these center mainly on cyber and IT risks. Attention to regulatory, supplier, geopolitical and climate risks is limited, and monitoring is periodic. 
    This leaves processes better suited to documenting known risks than to anticipating and managing fast-moving disruption. Continuous monitoring and forward-looking scenario-testing must become standard practice.
  • Senior leaders recognize digital resilience, but shared ownership remains limited 
    Senior-level responsibility for digital resilience tends to fall to one executive, such as the CIO. 
    At most organizations, boards are not heavily involved in review or planning of resilience-building efforts, which constrains strategic oversight and weakens enterprise-wide coordination.