Breached firms invest 30% more in cyber resilience says report

New research by Commvault has revealed that organisations which have previously experienced cybersecurity breaches tend to invest more heavily in cyber resilience and recovery strategies, subsequently enhancing their ability to recover from future incidents. The 2024 Cyber Recovery Readiness Report, conducted globally and in partnership with GigaOm, surveyed 1,000 security and IT professionals across 11 countries, highlighting significant behavioural changes between breached and non-breached organisations.

The report indicates that organisations which have been breached allocate nearly 30% more funds to cybersecurity measures compared to those that have not encountered such incidents. This proactive approach extends to understanding data risk profiles, with breached organisations being 2.5 times more likely to prioritise these assessments. Furthermore, nearly all breached organisations (98%) regularly test their cyber preparedness plans, in contrast to 20% of non-breached organisations that do not conduct any recovery plan testing.

The increased focus and investment in cyber resilience translate to tangible benefits. The report states that breached organisations with comprehensive cyber recovery plans can recover 41% faster than their less-prepared peers. Specifically, these organisations are 32% more likely to restore operations within 48 hours, in comparison to others that might take up to three weeks or more. This shortened recovery time significantly reduces both financial losses and potential damage to customer trust and brand reputation.

Brian Brockway, Chief Technology Officer at Commvault, remarked on the significance of the report's findings. "We’ve all heard the expression hindsight is 20/20, and that could not be more applicable when it comes to the findings of this survey," he said. "Our survey shows that the most resilient organisations are those that continuously test and refine their recovery strategies, learning from each incident to strengthen their defences. It’s this proactive mindset, rather than reactive spending, that makes the difference."

The financial implications of cyber incidents underscore the value of investing in cyber recovery readiness. The costs associated with breaches, including operational disruptions and regulatory fines, often far surpass the expenses involved in maintaining robust cyber resilience measures.

Chris Ray, Cybersecurity Analyst at GigaOm, emphasised the importance of adopting a holistic approach to cyber resilience. "The findings should be a call to action for all organisations, not just those that have been breached," he noted. "Cyber threats are constantly evolving, and so too must the strategies to counter them. It’s about adopting a holistic approach to cyber resilience that integrates people, processes, and technology, ensuring readiness at every level."

Additionally, the report identifies five key capabilities, referred to as resiliency markers, which when employed collectively, enable organisations to recover more swiftly from cyberattacks. These resiliency markers were determined through detailed analysis of survey data covering various topics, including breach frequency, deployed resilience technologies, and recovery times post-attacks.