Global Cyber Resilience Report 2024: Overconfidence and Gaps in Cybersecurity Revealed


The Global Cyber Resilience Report 2024 presents an in-depth evaluation of the current state of cyber resilience across various industries worldwide. Based on a survey conducted by Cohesity and Censuswide, involving 3,139 IT and Security Operations (SecOps) decision-makers from eight countries, this report sheds light on the numerous gaps between perceived and actual cyber resilience capabilities.

Survey Demographics and Scope

The survey, conducted in June 2024, covered both private and public organizations across several countries:

  • United States: ~500 respondents
  • United Kingdom: ~500 respondents
  • Australia: ~500 respondents
  • France: ~400 respondents
  • Germany: ~400 respondents
  • Japan: ~300 respondents
  • Singapore: ~300 respondents
  • Malaysia: ~200 respondents

Participants were evenly split between IT and SecOps professionals, providing a comprehensive overview of the current cyber resilience landscape.

Key Findings

1. Overestimation of Cyber Resilience

A striking revelation from the survey is the overestimation of cyber resilience capabilities among organizations. Only 2% of respondents indicated that they could recover their data and restore business processes within 24 hours of a cyberattack. This starkly contrasts with the confidence expressed by nearly 4 in 5 (78%) respondents in their organization’s cyber resilience strategy.

2. Ransom Payments: A Growing Concern

The willingness to pay ransoms has become alarmingly common. Roughly 75% of respondents indicated their organization would pay over $1 million to recover data and restore business operations, with 22% willing to pay over $3 million. In the past 12 months, 69% of respondents admitted to paying a ransom, despite 77% having policies against such payments.

3. Slow Recovery Times

Recovery times reported by organizations reveal significant vulnerabilities:

  • Only 2% could recover within 24 hours.
  • 18% could recover within 1-3 days.
  • 32% required 4-6 days.
  • 31% needed 1-2 weeks.
  • 16% would need 3+ weeks.

These recovery times fall short of the targeted optimum recovery time objectives (RTO), with 98% aiming for recovery within one day and 45% targeting recovery within two hours.

4. Insufficient Data Privacy Compliance

Just over 2 in 5 (42%) respondents claimed their organization could discover sensitive data and comply with applicable data privacy laws. This indicates a major gap in necessary IT and security capabilities.

5. Zero Trust Security Deficiencies

Despite the availability of effective security measures, many organizations haven’t adopted them:

  • 48% haven’t deployed multifactor authentication (MFA).
  • Only 52% have implemented MFA.
  • Quorum controls or administrative rules requiring multiple approvals are utilized by 49%.
  • Role-based access controls (RBAC) are deployed by 46%.

These deficiencies leave organizations vulnerable to both external and internal threats.

The Escalating Threat Landscape

The survey underscores the increasing threat of cyberattacks:

  • In 2022, 74% of respondents felt the threat of ransomware was rising. By 2023, this figure rose to 93%, and in 2024, it reached 96%.
  • Two-thirds (67%) of respondents reported being victims of ransomware in the past six months.

Industries Most Affected

The report identifies seven industries that have been hardest hit by cyberattacks:

  • IT & Technology (40%)
  • Banking & Wealth Management (27%)
  • Financial Services (27%)
  • Telecommunications & Media (24%)
  • Government & Public Services (23%)
  • Utilities (21%)
  • Manufacturing (21%)

Areas of Critical Concern

1. Confidence-Capability Paradox

The disparity between confidence in cyber resilience strategies and the actual capability to execute these strategies effectively is evident. While many organizations have a cyber resilience plan, their ability to recover quickly from attacks lags significantly behind their goals.

2. Rampant Ransom Payments

The prevalence of ransom payments, often in contradiction to organizational policies, highlights a reactive rather than proactive approach to cyber resilience. The financial impact of paying ransoms extends beyond the immediate cost, affecting downtime, lost opportunities, and reputational damage.

3. Zero Trust Security Deficiencies

The failure to implement robust data access controls like MFA and RBAC poses a major risk to organizations. Effective security measures are essential for safeguarding critical data and ensuring business continuity.

Recommendations for Improvement

To address these critical issues, the report suggests several actionable strategies:

  • Engage in rigorous testing, drills, and simulations to ensure the effectiveness of backup and recovery processes.
  • Enroll in ransomware resilience workshops to improve cyber incident response capabilities.
  • Automate testing of backup data to confirm integrity and recoverability without manual intervention.
  • Maintain detailed documentation and recovery playbooks to ensure all stakeholders understand their roles during an incident.

Conclusion

The Global Cyber Resilience Report 2024, commissioned by Cohesity, highlights the urgent need for organizations to bridge the gap between their perceived and actual cyber resilience capabilities. By identifying and addressing these vulnerabilities, organizations can enhance their ability to recover from cyberattacks and protect critical data, ensuring a safer and more resilient future.

The excellent data and insights from this report serve as a vital resource for IT and SecOps professionals aiming to strengthen their cyber resilience strategies and safeguard their organizations against the evolving threat landscape.
