From rising risk to AI-powered resilience: How are organizations adapting their major incident management practices in 2025?
This report was produced by Cutover and is based on independent research conducted by Insight Avenue in July 2025. The study is based on interviews with 300 IT and operations leaders from organizations with over 5,000 employees. The primary aim was to understand the current state of major incident management, its challenges, and future trends.
The sample was drawn from a wide range of locations and company sizes. A total of 200 interviews were conducted in the US, with 50 each in the UK and the Nordics. 49% were from companies with 5,000-9,999 employees and 51% from those with 10,000 or more.
The survey covered a diverse array of industry verticals, including retail, wholesale & distribution (18%), financial services & insurance (16%), technology (15%), manufacturing & industrial (15%), healthcare (10%), transport (7%), telecoms (5%), energy/utilities (3%), pharmaceutical (2%), media/entertainment (2%), and other private sector organizations (7%).
The individuals surveyed were either main decision makers (67%) or key influencers (33%) for major incident management in their organizations, with job titles such as IT Director/VP of IT/Head of Infrastructure/Head of Operations (36%), Head of Incident Management/Incident Manager/Commander/Major Incident Manager (28%), CIO/CTO/CISO (16%), and VP or Director of Cloud Operations/Infrastructure (14%).
What is the evidence that major incidents are on the rise?
Major incidents are becoming more frequent and severe, with 75% of IT and operations leaders believing their organization is at greater risk today than a year ago. This is a well-founded concern, as 65% of organizations have experienced a major incident in the past year.
What’s fueling the increase in major incidents?
Key factors driving this trend include rising cybersecurity threats (cited by 63%), IT skills shortages (48%), and the increased complexity of multi-cloud environments (45%). The average time to fully resolve a major incident is 3 hours and 10 minutes, and 52% of respondents report that incidents are taking longer to resolve than they did 12 months ago.
What are organizations' current approaches to incident management?
While the most common approach to incident management is through IT Service Management (ITSM) platforms (31%), many organizations believe their current procedures are outdated and pose a significant risk to their business.
How are organizations evolving to face greater threats from incidents?
There is a clear shift towards specialized incident orchestration tools, with 56% of organizations already using one and an additional 27% planning to do so in the next year.
What does best-in-class major incident management look like?
Automation is seen as a crucial component for improving incident management, with 85% of respondents who have invested in it reporting benefits such as faster resolution and enhanced visibility. A best-in-class platform is desired for its ability to automate repetitive tasks, provide real-time status updates for stakeholders, and create an indelible audit trail for post-incident review and compliance.
What are the benefits and concerns around using AI for MIM?
The report also highlights a growing optimism about the potential of artificial intelligence (AI) to improve incident management, with 87% of leaders feeling positive about its prospects. The top anticipated use cases for AI include recommending probable causes, analyzing post-incident data, and summarizing incident status. However, this optimism is balanced by significant concerns, primarily regarding privacy and security risks (46%) and the need for human oversight (45%). Ultimately, the future of major incident management lies in adopting a blend of technology and strategy that prioritizes speed, coordination, and resilience.
What key insights and trends will this report cover?
The findings of this report reveal a heightened sense of risk among organizations, with 75% believing they are more susceptible to major incidents today than they were 12 months ago due to factors like rising cybersecurity threats, IT skills shortages, and the increasing complexity of multi-cloud environments. While most organizations are concerned about managing and resolving cybersecurity breaches, many also express significant concerns about their outdated MIM procedures. The report highlights a growing reliance on automation and specialized incident orchestration tools to address these challenges, with a majority of respondents optimistic about the potential of AI to further enhance their incident management capabilities in the coming years. This analysis will explore these trends, detail the most prevalent approaches to MIM, and identify the key attributes of a best-in-class platform that can help organizations achieve greater resilience.
Are major incidents becoming more frequent?
Organizations are facing a growing sense of vulnerability, with many IT leaders feeling that their major incident exposure is on the rise. A significant majority of those surveyed, 75%, believe that their organization is at a greater risk of experiencing a major incident today than it was just 12 months ago.
This fear was fairly consistent across the board, but was greatest in the UK, with 82% of respondents agreeing, but it was still high in the US and Nordics at 74%. 80% of the manufacturing and industrial organizations had this concern, followed by 78% in technology, 77% in healthcare, 76% in financial services and insurance, and 75% in retail.
This concern is not unfounded, as 65% of organizations have experienced a major incident within the past year. The increased concern in the UK is not surprising, as 78% of organizations in that geography have experienced a major incident in the past year, vs 63% in the US and 60% in the Nordics.
What’s causing the increase in incidents?
The primary factors driving this increased risk are clearly identifiable. The most significant contributor is rising cybersecurity threats, cited by 63% of respondents. This is followed by IT skills shortages or a lack of in-house expertise, which was noted by 48%, and the increased complexity of multi-cloud or hybrid environments, cited by 45%. There is also widespread concern about outdated major incident management procedures, with 64% of respondents believing these pose a significant risk to their business.
Different types of major incidents can also have different levels of impact and some causes worry incident managers more than others. As well as being the most common cause of outages, cybersecurity breaches is also the one organizations are most concerned about (88%). This is followed by cloud performance outages (76%), hardware or infrastructure failures (72%), software failures or deployment errors (71%), human error (69%), third-party SaaS or service provider failures (68%), and power outages (53%). Overall, there’s a wide range of incident types that organizations need to be prepared for and they are highly cognizant of the difficulties of responding and the risks to their organization of lengthy recoveries.
What are the current approaches to incident management?
As mentioned, many organizations see they have significant risks to their business associated with outdated major incident management procedures, with 64% of respondents believing these pose a significant risk to their business. Concern for outdated methods was highest in healthcare (77%) and financial services, at (73%). Relying simply on ITSMs is no longer sufficient - when it comes to MIM solutions, 56% say they are using a specialized incident orchestration tool or platform (beyond ITSM) with another 27% planning to use one in the next 12 months. The organizations with higher levels of maturity are less worried about their ability to resolve incidents than the ones relying on manual methods.
Current approaches to major incident management vary. The most common approach is managing incidents through ITSM platforms (31%), particularly in the US (34%) and the financial services sector (39%). While reliance on fully ad-hoc and manual methods is declining, 14% still manage their incidents this way, and healthcare is the most reliant on manual methods at 23%.
Use of specialized incident orchestration tools is increasing but despite increasing automation, over half of respondents see themselves as being too reliant on manual processes in their current major incident management.
Fill in the form to read the full report.
