Cohesity report: firms overconfident in cyber resilience abilities
A recent survey conducted by data security firm Cohesity reveals that many organisations overestimate their cyber resilience capabilities, leading to significant issues in business continuity and a high rate of ransom payments. The Cohesity Global Cyber Resilience Report 2024 encompasses responses from over 3,100 IT and security decision-makers in eight countries, emphasising the increasing threat of cyberattacks, particularly ransomware. The survey found that a majority of organisations had experienced a ransomware attack in the past six months, with most having paid a ransom in the past year.
Despite facing a worsening cyber threat landscape, nearly 78% of respondents expressed confidence in their company's cyber resilience strategies. However, 67% of these organisations had been victims of ransomware attacks in 2024, with 96% saying the threat of cyberattacks to their industry had increased or would increase this year. Approximately 59% of respondents projected that the threat would increase by over 50% compared to 2023.
While confidence levels are high, only 6% of respondents said their organisation would not pay a ransom to recover data and restore business processes. In contrast, 83% indicated they would consider paying a ransom. A staggering 75% of respondents mentioned their company would be willing to pay over USD $1 million in ransoms, and 22% said their firm would pay over USD $5 million. Alarmingly, 69% of organisations admitted to paying a ransom in the past year despite having a 'do not pay' policy.
Cohesity's Chief Information Security Officer (CISO) and Chief Information Officer (CIO), Brian Spanswick, noted, "The reality for organisations is that destructive cyberattacks, like ransomware, are a 'when' not 'if' reality that threatens their business continuity. [...] Organisations may have the greatest confidence in their cyber resilience, both in their strategy and capabilities, but the reality is that the majority are paying ransoms or would pay a ransom, so organisations are overconfident or overestimate their cyber resilience."
The survey also highlighted the disconnect between companies' perception of their recovery capabilities and the actual time required to recover from cyberattacks. Only 2% of respondents could recover data and restore business processes within 24 hours, while 16% needed over three weeks. Almost half of the respondents reported that they required over six days to recover data and restore usual business processes. Yet 98% of respondents said their target was recovery within one day, a target only 2% actually met, and nearly 45% aimed for recovery within two hours.
Only 54% of respondents believed their central visibility of critical data was adequate to detect anomalies or breaches. Around 52% had implemented multi-factor authentication (MFA), 49% had multiple approval requirements for administrative changes, and 46% had role-based access controls (RBAC). Spanswick remarked, "The fact that almost 1 in 2 organisations are not implementing these controls to protect sensitive data is alarming and demonstrates a significant risk to an organisation's cyber resilience."
The study also found that only 42% of respondents possessed all the necessary IT and security technologies to identify sensitive data and comply with data privacy laws and regulations. Nevertheless, 79% considered advanced threat detection, data isolation, and data classification essential for qualifying for or securing discounts on cyber insurance policies.
Industries most impacted by cyberattacks, according to respondents, included IT and Technology (40%), Banking and Wealth Management (27%), Financial Services (27%), Telecommunications and Media (24%), Government and Public Services (23%), Utilities (21%), and Manufacturing (21%).
Among the respondents, 80% indicated that their organisations had encountered AI-based cyberattacks in the last year, and 82% of these asserted they had the necessary AI-powered solutions to counter such threats. Spanswick concluded, "Successful cyberattacks and data breaches severely disrupt business continuity; impacting revenue, reputation, and customer trust. This risk must be at the forefront of business leaders' priorities, not just IT and Security leaders."