Concerns about the ability to recover from a cyber incident across industry verticals are increasing as bad actors get more sophisticated. Many organizations are recognizing the need to mature their cyber recovery capabilities and this is being further driven by changing regulations that hold them to a higher standard. While historically there has been a significant focus on cyber incident prevention, cyber recovery is now being recognized as a crucial element to a holistic cyber strategy as breaches cannot be completely avoided.
We spoke to five leaders in cybersecurity, technology and financial services about how they view cyber security and recovery going forward and their top concerns, predictions, or pieces of advice:
Cybersecurity company founder
“There is a preparation gap.”
Many organizations undervalue preparedness for cyber failures, often acting due to compliance needs or past lessons. Organizations need to be more proactive in planning for how they recover from a cyber breach and learn more about possible new threats. Ransomware is the biggest concern due to the volume and sophistication of attacks.
Director of cyber operations at a major bank
“Cyber recovery is significant.”
Cyber recovery is an area of significant need, primarily driven by fear, particularly of ransomware.
“Recovery doesn’t equal success.”
Even after paying a ransom after a ransomware attack, businesses successfully recover only 30-70% of the time - this shows the need for more effective recovery strategies.
Board member of a bank holding company
“Perceptions are changing.”
Previously, there was a belief that preventing a cyber breach was the most important thing to focus on but there’s now a universal acceptance that cyber attacks are inevitable. This has shifted the focus from prevention to recovery.
“There is a need for more awareness.”
While cyber professionals were always aware of the inevitability of cyber attacks, other sectors are only now beginning to recognize and prepare for this reality.
“Funding is reflecting these new priorities.”
Boards and CEOs are increasingly willing to allocate resources and funding to address cybersecurity and recovery needs.
CIO of a computer software company
“Cyber is especially important for financial services.”
They recognize the high importance of avoiding downtime due to the time-sensitive nature of their services. There is a strong potential for systems to be down for up to 10 days from a pervasive cyber event if the proper recovery preparations are not in place.
“Manufacturing is also at risk.”
Capital-intensive operations make manufacturing firms particularly sensitive to downtime, resulting in production losses with fixed costs.
“The technology industry is a target.”
Companies like Meta, Google, and AWS are perceived to have a significant need for robust cyber recovery solutions - when they have outages, everyone knows about it.
“There’s strong significance for the medical sector.”
Hospitals prioritize non-disruption in surgeries through air-gapping. However, accessing electronic medical records quickly remains critical and there is potential for disruption here from bad actors.
“Oil and gas is transforming.”
The digital transition in this industry, underlined by remote telemetry and digital operations, shows an interest in ensuring uptime.
Former CISO of a financial company
“Focus on recovery.”
Security budgets are remaining steady despite many organizations cutting back in other areas. There is a recognition that this is a major area for concern and that you can’t completely prevent a breach so effective recovery is key.
“Current solutions are failing.”
Companies commonly use non-executable recovery playbooks stored in Confluence pages and spreadsheets. There is a growing demand for automation in recovery.