Report: 67 Percent of Businesses Lack Confidence of Full Recovery After Cyber Attack

New research commissioned by Cohesity reveals the majority of businesses do not have the necessary cyber resilience strategies or data security capabilities required to address today’s escalating cyber threats and maintain business continuity. Furthermore, their cyber resilience efforts are not keeping pace with cyber threats, with data security and recovery technology deficiencies reducing cyber insurance eligibility and increasing the fallout of a successful attack.

In comparing the cybersecurity outlook for 2023 to 2022, 93% of respondents said they felt the threat of ransomware attacks to their industry had increased in 2023. Alarmingly, almost half of respondents (45%) confirmed their business had been the victim of a ransomware attack in the prior six months. Respondents also revealed that their business’ cyber resilience and data security capabilities have not kept pace, with 80% expressing concerns about their organization’s cyber resilience strategy and whether it can ‘address today’s escalating cyber challenges and threats’.

Business continuity is critical even when adverse cyber events arise, however, businesses are slow to respond because they lack the capability to recover data and restore business processes quickly. When asked how long their organization would take to recover data and business processes if a cyberattack occurred? Over 95% of respondents revealed their business would need over 24 hours, 71% said it would take more than 4 days, while a fourth (41%) of respondents said over a week would be required.

Unsurprisingly, two-thirds respondents (67%) lack full confidence that their company could recover their data and critical business processes in the event of a system-wide cyberattack. Diving deeper into cyber resilience and data recovery expectations versus reality, 90% of respondents said their business would consider paying a ransom, with close to 3 in 4 (74%) saying ‘Yes’ their organization would pay, if it meant being able to recover data and business processes, or recover faster.

“Companies cannot afford to be offline and unable to maintain operations, especially for more than a day. However, the stark reality is that many organizations are vulnerable to leverage from cyber criminals because they are incapable of rapidly recovering their data and business processes when necessary,” said Brian Spanswick, chief information security officer and head of IT, Cohesity. “Therefore, it’s no surprise that 9 in 10 respondents said their business would consider paying a ransom to maintain continuity.”

When asked about the biggest barriers to their organization being able to get back up and running in the event of a successful cyberattack, respondents said their top three challenges were integration between IT and security systems (34%), a lack of coordination between IT and security (33%) and antiquated backup and recovery systems (32%). Further clarity was provided by respondents regarding their ability to secure their data estates, with less than half stating they are confident all their data stored in the cloud (44%) or at the edge (42%) is secure and protected, and less than 3 in 10 (28%) are confident data stored on-premises is secure and protected.

“IT and SecOps must co-own organizations’ cyber resilience outcomes to identify sensitive data and protect, detect, respond, and recover from cyberattacks,” said Spanswick. “Relying on traditional backup and recovery systems, which lack modern data security capabilities, in today’s sophisticated cyber threat landscape is a recipe for disaster. Instead, organizations should seek out data security and management platforms that integrate with their existing cybersecurity solutions and provide visibility into their security posture and improve cyber resilience.”

“It’s not a surprise that over half of organizations still struggle with securing data in the cloud. The reality is most organization’s data is scattered across different environments and varies by type,” said Tyler Young, CISO of BigID. “That’s why solutions like BigID that enable organizations to know and control their data become ever more critical.”

Consequently, 87% of respondents said that to help win the war against ransomware, data and cybersecurity vendors must collaborate to provide complete and integrated anti-ransomware solutions, and 9 in 10 respondents feel their business would benefit from a data security and management platform that provides insights on their overall security posture and cyber resilience.

“The only way to achieve cyber resilience is by prioritizing proactive security measures that will prevent cyberattacks in the first place,” said Ray Komar, vice president of technology and cloud alliances, Tenable. “This approach should also extend to backup and recovery measures to ensure business continuity in the event of a cybersecurity incident. This requires organizations to not only manage their cyber risk, but better understand their exposure to risk by leveraging vulnerability and exposure data to make informed decisions on remediation efforts.”

This is especially urgent given that adequate data backup and recovery services are critical to have in order to qualify for cyber insurance – and not all solutions are created equal. While almost 3 in 4 (74%) respondents confirmed their company has cyber insurance, close to half (46%) of all respondents said it is now harder to obtain cyber insurance than it was in 2020. Respondents also shared the three most critical technologies or capabilities required to secure cyber insurance are: “strong encryption” (40%), the “ability to verify the integrity of backups” (38%) and MFA (37%) as their top needs.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.