94% of enterprises say that cybersecurity is top of mind and 85% agree that cyber disaster recovery is a major priority that needs more investment.
Cyber recovery is unpredictable and involves a multi-level complex response to recover across the control plane, applications, services, and data. Our research shows that nearly all enterprises agree (94%) there is concern about recovering from different technology disaster scenarios such as cyber attacks. More than four in five respondents (85%) stated cyber disaster recovery is a priority and they know their organization must invest more here.
This eGuide takes a deeper dive into the cybersecurity responses and data from Cutover’s “The IT disaster and cyber recovery trends and insights report’. The report’s findings are rooted in a survey of IT decision makers and influencers at major corporations, conducted in July 2023.
The survey
300 Respondents - 200 from the U.S and 100 from the U.K.
The report supplements the survey findings with secondary research. Cutover would like to thank participants for their time and insights.
Recovery time from cyber attacks is increasing
With most organizations experiencing an increase in technology service disruptions or outages over the past 12 months, 56% of respondents rank cyber threats such as ransomware as the leading contributing factor to their disruptions.
Cybersecurity incidents are far reaching, impacting not only the IT team but the business, financials, brand and reputation. The increase, in both sophistication and volume, is significantly impacting digital transformation projects. Our research shows that 73% of respondents agree that cyber outages are slowing down digital transformation progress. Cyber attacks can cause delays, disruptions or data breaches to any number of digitization projects.
Additionally, most respondents (87%) say it takes longer to fully recover from a cyber attack now than 1-2 years ago. The recovery time for a cyber incident can vary depending on the attack vector. For example, recovery time for a ransomware attack is contingent on the last good known source of data and clean environment to rebuild systems.
Level of concern about recovery from technology disaster scenario
Almost all respondents, 94%, are very or quite concerned about recovering from a cyber attack which is unsurprising due to the prevalence of cybercrimes. When comparing responses by geography, U.S. respondents are significantly more concerned about recovering from power outages or outages caused by human error. With the exception of network outage, U.S. respondents show higher concern levels for recovering from the various types of technology disaster scenarios.
Despite the differences in concern levels, the average duration of downtime is similar for both regions. In the U.S., the average duration of downtime after a ransomware attack is nearly three weeks. Similarly, the average downtime for a U.K. company experiencing a ransomware attack is 1-3 weeks. Any amount of downtime has serious implications on dayto-day operations for organizations, but weekslong outages will likely have serious impacts on customers and the organization as a whole.
Cybersecurity concern is on the rise
Enterprises are justifiably concerned about the widespread implications of evolving and increasing cyber attacks. While industries will be impacted in different ways, there is consensus about the high-level business concerns. Respondents cite data loss as the biggest concern (67%) followed by financial impacts (66%) and reputational damage (57%).
We surveyed enterprises on concern not just on the type of cybersecurity threats but also regarding the business implications. Unsurprisingly, there’s only 13 percentage points difference across all business implications. Data loss tops the chart as the biggest concern with financial impacts as a close second and reputational damage rounds out the top three concerns.
Our research shows some sectors, like financial services, are more concerned with the operational impacts of cybersecurity threats. 68% of financial services firms respond that operational disruption is a top concern compared to other sectors’ responses at 55%. Financial firms are under more scrutiny to disclose details of cyber attacks, with regulatory bodies increasing requirements to outline incident response plans and run comprehensive resilience tests. Enterprises are also concerned about the type of cybersecurity threats they face. While ransomware gets the most public and press attention, it is technically a subset of malware, which is the most common type of cyber attack. However, our research shows that enterprises’ level of concern about cybersecurity threats over the next 12 months is distributed without huge variations across all cybersecurity threats.
Cybersecurity requires a culture, not just technology
To combat evolving cyber attacks and intense regulatory requirements, enterprises need a well defined cybersecurity strategy and posture. While automation and technology are critical, culture and processes are just as important. Our research shows that 82% of respondents agree that resilience is as much about culture and processes as technology. Culture and processes are the foundation of a cybersecurity posture and technology and automation are the execution engines.
Cybersecurity implications stretch beyond just the tangible financial and operational impacts. The overall integrity and viability of the business are often called into question. Employees, partners, customers and regulators demand that their sensitive information will be protected and the company is well prepared to counter any cyber attacks. In our research, more than half (54%) of enterprises respond that loss of customer confidence and trust is one of their top three concerns.
“By prioritizing cybersecurity, a business helps employees feel secure, valued, and accountable, fostering a culture of diligence, ethical behavior, and resilience in the face of adversity.” Craig Gregory, CISO of Cutover
Diving deeper to compare U.K. vs. U.S. responses, we find that firms place concern on cybersecurity implications in different ways. The U.S. enterprise respondents are more concerned about the financial impacts of cyber threats with 61% ranking it as one of the top three concerns compared to 47% of U.K. firms. On the other hand, U.K. respondents are more concerned with loss of customer confidence and trust with 62% ranking it as one of the top three concerns compared to only 50% of U.S. respondents.
Moving towards the automation revolution
Enterprises must look towards automation and innovation to recover from cyber attacks and ultimately reduce IT service disruptions and recovery times. In our research, 85% of respondents agree that the best performing companies will have automated disaster recovery by 2025.
The benefits of automating disaster recovery, including cyber recovery, are far reaching and broad. Automation can mean different things to different organizations. In our research, we surveyed enterprises on automating the following elements: integration with other systems, post-event reporting and regulatory audit logs, manual repetitive tasks and communication/collaboration.
About Cutover
Cutover helps you reduce the complexity and unpredictability of cyber recovery. Streamline your recovery process by combining human decision making and automated tasks with enterprise visibility and integration into your technology stack. Gain confidence in your cyber recovery procedures with dynamic runbooks to automate cyber recovery processes - bringing order to the chaos.
Learn more about how Cutover’s automated runbooks take the risk and cost out of cyber recovery operations. Book a demo today.
.webp)
