Almost a fifth of organisations experienced operational disruptions lasting up to two weeks, with many others losing nearly five days' productivity following a cyberattack. This was revealed in Absolute Security's research into enterprise Cyber Resilience.
Cyber Resilience involves ensuring critical cyber defences are functional and quickly restoring operations post-incident. This global study, surveying 750 Chief Information Security Officers (CISOs) in the US and UK, offers insight into the current state of Cyber Resilience, highlighting challenges and recovery strategies.
Over the past year, 55% of CISOs reported their organisations were victims of cyberattacks or data breaches that incapacitated various endpoints. Recovery times exceeded 4.5 days for the majority, while 19% of organisations took up to two weeks to resume normal operations. The implied financial burden isn't trivial either, with costs per incident averaging $2.5 million.
CISOs find themselves in key roles, having evolved from just being security managers to leading recovery operations post-attack. They are now expected to ensure business continuity, with 72% acknowledging this expanded responsibility. Alongside this, 61% highlight that boards demand assurance against breaches.
The challenges of downtime, job losses, and potential legal repercussions are all significant worries for 59% of CISOs.
A shift in focus is evident, with 65% of CISOs prioritising Cyber Resilience over traditional strategies like threat prevention and detection. This is indicative of an evolving mindset, contrasting with previous figures where 90% had resilience strategies implemented.
Absolute Security's new initiative, The Resilient CISO Inner Circle, is a community aimed at supporting CISOs worldwide. It features insights from industry CISOs and interactive sessions via LinkedIn Live.
To explore the detailed survey findings, join The Resilient CISO Inner Circle.