Majority of Businesses Lack Cyber Resilience Strategies to Tackle Escalating Threats

New research by Cohesity reveals businesses’ lack of cyber resilience strategies amid escalating cyber threats.

In a new study commissioned by Cohesity, a leading data security and management company, it has been uncovered that a significant number of businesses are ill-equipped to deal with the increasing cyber threats of today and are struggling to maintain business continuity. The research highlights the deficiency in cyber resilience efforts and data security capabilities, which in turn is reducing cyber insurance eligibility and exacerbating the consequences of successful cyberattacks.

Comparing the cybersecurity outlook for 2023 to the previous year, a staggering 93% of respondents stated that they perceived the threat of ransomware attacks to their industry had risen in 2023. The gravity of the situation becomes even more apparent as nearly half of the respondents (45%) confirmed that their business had already fallen victim to a ransomware attack in the last six months. With cyber threats escalating, 80% of respondents expressed concerns about their organization’s cyber resilience strategy and its ability to effectively address the growing challenges and threats.

Business continuity becomes paramount when faced with adverse cyber events. However, the study reveals that businesses are slow to respond due to their inadequate capability to recover data and restore business processes swiftly. Over 95% of respondents estimated that their organization would require more than 24 hours to recover from a cyberattack, with a staggering 71% indicating that it would take more than four days, and 41% reporting that it would take over a week to recover.

Alarmingly, two-thirds of respondents (67%) lack full confidence in their company’s ability to recover critical data and business processes in the event of a system-wide cyberattack. Delving deeper into cyber resilience and data recovery expectations, the research found that 90% of respondents would consider paying a ransom to regain access to their data and business processes, with approximately 74% stating they would indeed pay if it meant a faster recovery.

Brian Spanswick, Chief Information Security Officer and Head of IT at Cohesity, highlighted the vulnerability of organizations to cybercriminals due to their inability to recover data and business processes rapidly. He emphasized that companies cannot afford to be offline for extended periods, making it understandable why 90% of respondents would consider paying a ransom to maintain business continuity.

The study also identified the major barriers hindering organizations’ ability to recover from successful cyberattacks. Respondents cited three significant challenges: integration between IT and security systems (34%), lack of coordination between IT and security (33%), and antiquated backup and recovery systems (32%). Additionally, confidence in securing data stored in various environments was low, with less than half (44%) feeling secure about data stored in the cloud and even fewer (28%) feeling confident about data stored on-premises.

To address these challenges, IT and SecOps must work together to identify sensitive data, protect against cyberattacks, detect potential threats, and recover efficiently when incidents occur. Relying on traditional backup and recovery systems with inadequate data security capabilities is no longer viable in the current sophisticated cyber threat landscape.

Tyler Young, Chief Information Security Officer of BigID, emphasized the importance of data control and knowledge in securing scattered data across different environments. He emphasized that solutions like BigID play a critical role in enabling organizations to understand and manage their data effectively.

In light of the increasing ransomware threat, 87% of respondents stressed the need for collaboration between data and cybersecurity vendors to provide comprehensive and integrated anti-ransomware solutions. Additionally, 9 out of 10 respondents believe that their business would benefit from a data security and management platform that offers insights into their overall security posture and cyber resilience.

Ray Komar, Vice President of Technology and Cloud Alliances at Tenable, underscored the importance of proactive security measures to prevent cyberattacks and ensure business continuity. He advocated for leveraging vulnerability and exposure data to make informed decisions on remediation efforts.

Notably, adequate data backup and recovery services are crucial for qualifying for cyber insurance. However, nearly half (46%) of all respondents revealed that obtaining cyber insurance has become more challenging compared to 2020. The three critical technologies or capabilities sought after by businesses to secure cyber insurance are strong encryption (40%), the ability to verify the integrity of backups (38%), and multi-factor authentication (MFA) (37%).

The study’s findings sound a wake-up call for businesses to strengthen their cyber resilience strategies and invest in modern data security and management platforms that integrate with existing cybersecurity solutions. By proactively prioritizing security measures and adopting robust backup and recovery systems, organizations can better protect themselves against the rising tide of cyber threats in 2023 and beyond.