US firms ramp up defences after cyber breach; yeild more benefits
By Gloria Methri
Organisations in the US that have experienced cyber breaches are investing significantly more in cyber resilience—and it’s paying off. According to the 2024 Cyber Recovery Readiness Report by Commvault, an expert in cyber resilience and data protection, breached companies are dedicating more time, money, and effort to safeguard their systems.
The survey, conducted in collaboration with GigaOm, gathered data from 1,000 security and IT professionals across 11 countries, providing valuable insights into how past breaches drive greater focus on cybersecurity preparedness and recovery strategies. According to the survey:
Investments in cyber resilience have increased: Organisations that have been breached spend nearly 30% more on cybersecurity measures than those that haven’t.
Understanding data risk profiles is given more attention: Breached organisations are nearly 2.5 times more likely to prioritise understanding their data risk profiles, which highlight data types and relative levels of risk.
Cyber readiness testing is prioritised. Breached organisations conduct more testing to find gaps in their cyber preparedness plans. Twenty percent of organisations that haven’t been breached do not test their recovery plan at all; that number drops to just two percent for organisations that have been breached.
Resilience speeds recovery
The impact of these added investments and focus on cyber resilience is significant. According to the survey, breached organisations that have invested in comprehensive cyber recovery plans recover 41% faster than their less-prepared counterparts.
In terms of specific recovery times, breached companies state that they are 32% more likely to recover within 48 hours compared to those that have not been breached – a much better outcome than the recovery times noted by other respondents, which could be three weeks or more. This reduced downtime can translate to significant savings, both in terms of direct financial losses and the preservation of customer trust and brand reputation.
“We have all heard the expression hindsight is 20/20, and that could not be more applicable when it comes to the findings of this survey,” said Brian Brockway, Chief Technology Officer at Commvault. “Our survey shows that the most resilient organisations are those that continuously test and refine their recovery strategies, learning from each incident to strengthen their defences. It is this proactive mindset, rather than reactive spending, that makes the difference.”
Like health insurance, where the cost of coverage often far outweighs the potential expenses of medical emergencies, cyber recovery readiness serves a similar purpose. The report underscores that the costs of being breached—ranging from operational disruption to regulatory fines—far exceed the expenses of proactive cyber resilience measures.
“The findings should be a call to action for all organisations, not just those that have been breached,” said Chris Ray, Cybersecurity Analyst at GigaOm. “Cyber threats are constantly evolving, and so too must the strategies to counter them. It is about adopting a holistic approach to cyber resilience that integrates people, processes, and technology, ensuring readiness at every level.”
In addition to these findings, Commvault and GigaOm pinpointed five key capabilities, also called resiliency markers, that, when deployed together, helped companies recover faster from cyberattacks and experience fewer breaches compared to companies that did not follow the same path.
These five resiliency markers emerged after data analysis teams combed through the same survey results on a range of topics, including how often companies were breached, what resilience technologies were (or were not) deployed, and how rapidly businesses were able to recover data and resume normal operations.
The resiliency markers are as follows:
- Security tools that enable early warning about risk, including insider risk.
- A known clean dark site or secondary system is in place.
- An isolated environment to store an immutable copy of the data.
- Defined runbooks, roles, and processes for incident response.
- Specific measures to show cyber recovery readiness and risk.
ALSO READ: Cybersecurity in Financial Services Report Q2 2024
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage