Businesses may overestimate their resistance to cyber threats.
The results of a comprehensive survey conducted by Censuswide, involving over 3,100 IT and security decision makers across eight countries, have shed light on some worrying trends in cyber resilience among companies. The survey, commissioned by Cohesity, reveals a disconnect between companies' projected cyber resilience and their actual capabilities in the face of a malicious attack.
Widespread struggle to recover from cyberattacks
The survey findings suggest that many companies may not be fully prepared to recover their business operations after a cyberattack. A significant number of respondents stated their companies had a targeted recovery time of one day, but nearly one-third said they would need at least four to six days, and 31% said they would need one to two weeks. This indicates a gap between companies' projected recovery times and their actual capabilities in the event of a significant cyberattack or security incident.
Data recovery challenges
The survey also highlighted data recovery challenges. A significant number of companies face issues with restoring data promptly and accurately following cyberattacks. There is often a lack of comprehensive approaches to protect data against modern cyber threats.
Growing awareness but slow progress
While companies recognize the need for improved cyber resilience, implementation of effective resilience measures is lagging. The report suggests that many IT and security leaders are not adhering to their own company's policies against paying ransoms: nearly 7 in 10 admitted that their organization paid a ransom in the last year despite having a policy against it.
Potential risk escalation
These weaknesses increase the exposure of organizations to operational disruptions and financial losses from cyber incidents. The incidents involving Change Healthcare and Microsoft Windows devices underscore the importance of robust recovery plans for catastrophic IT and security incidents.
The need for enhanced cyber resilience strategies
The survey underscores the urgent need for companies to enhance their cyber resilience strategies, including better data protection, faster recovery capabilities, and more robust incident response plans. About 4 in 5 respondents expressed confidence in their company's resilience strategy, but the report suggests that this confidence may be misplaced, as many companies have overestimated their cyber resilience capabilities.
The survey results reiterate the need for companies to reassess their recovery strategies and time objectives in light of the growing threat of cyberattacks and IT incidents. The report underscores the importance of robust cyber resilience strategies for companies to protect against and recover from malicious attacks.
- The survey findings indicate a significant gap between companies' projected recovery times and their actual capabilities in the event of a cyberattack, highlighting the need for enhanced data protection and faster recovery capabilities as part of a robust cyber resilience strategy.
- Despite the growing awareness of the need for improved cyber resilience, the survey reveals that many IT and security leaders are still not adhering to their own company's policies against paying ransoms, increasing the potential risk of financial losses and operational disruptions due to cyber incidents.