Majority of Companies Unable to Recover Their Data and Restore Their Business ProcessesWithin Three Days
Cohesity’s widespread cyberattacks are pushing most companies to breach their ‘do not pay’ policies, worsened by data recovery issues. A survey of 900 IT and Security decision-makers reveals a prevailing mindset among companies that views cyberattacks as an inevitable ‘when’ rather than ‘if.’ Over the past two years, the majority of companies have paid ransoms, and a significant number anticipate a substantial increase in cyberattack threats in 2024 compared to 2023.
Organizations can’t control the increasing volume, frequency, or sophistication of cyberattacks such as ransomware
Brian Spanswick, chief information security officer and head of IT, Cohesity
Alarmingly, close to 8 in 10 (79%) respondents said their company had been the ‘victim of a ransomware attack’ between June and December. The cyber threat landscape is expected to get even worse in 2024, with 96% of respondents saying the threat of cyberattacks to their industry will increase this year and over 7 in 10 (71%) predicting it will increase by more than 50%.
Organizations’ attack surfaces are informed by the size and scope of their data environments. However, 78% of respondents said their data security risk has now increased faster than the growth in the data they manage. Respondents also believe organizations’ cyber resilience and data security strategies are not keeping up with the current threat landscape, with just 21% having full confidence in their company’s cyber resilience strategy and its ability to ‘address today’s escalating cyber challenges and threats’.[1]
Slow Data Recovery & Lack of Cyber Resilience Results Ransom Payments
Cyber resilience is the technology backbone for business continuity. It defines companies’ ability to recover their data and restore business processes when they suffer a cyberattack or adverse IT event. However, according to respondents, every company has cyber resilience and business continuity challenges:
- All respondents said they need over 24 hours to recover data and restore business processes
- Just 7% said their company could recover data and restore business processes within 1-3 days
- 35% said they could recover and restore in 4 to 6 days, while 34% need 1-2 weeks
- Alarmingly, almost 1 in 4 (23%) need over 3 weeks to recover data and restore business processes
Further demonstrating cyber resilience gaps, just 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.
Unsurprisingly, 94% of respondents said their company would pay a ransom to recover data and restore business processes, while 5% said ‘maybe, depending on the ransom amount.’ More than 2 in 3 (67%) said their company would be willing to pay over $3 million to recover data and restore business processes, with 35% of respondents saying their company would be willing to pay over $5 million. The research also showed the importance of being able to respond and recover, as 9 in 10 said their organization had paid a ransom in the prior two years, despite 84% saying their company had a ‘do not pay’ policy.
“Organizations can’t control the increasing volume, frequency, or sophistication of cyberattacks such as ransomware. What they can control is their cyber resilience, which is the ability to rapidly respond and recover from cyberattacks or IT failures by adopting modern data security capabilities,” said Brian Spanswick, chief information security officer and head of IT, Cohesity. ”