The Global Cyber Resilience Report 2024 presents an in-depth evaluation of the present state of cyber resilience across various industries worldwide. Based on a survey conducted by Cohesity and Censuswide, involving 3,139 IT and Security Operations (SecOps) decision-makers from eight countries, this report sheds light on the numerous gaps between perceived and actual cyber resilience capabilities.
Survey Demographics and Scope
The survey, conducted in June 2024, covered both public and private organizations across several countries:
- United States: ~500 respondents
- United Kingdom: ~500 respondents
- Australia: ~500 respondents
- France: ~400 respondents
- Germany: ~400 respondents
- Japan: ~300 respondents
- Singapore: ~300 respondents
- Malaysia: ~200 respondents
Participants were evenly split between IT and SecOps professionals, providing a comprehensive overview of the current cyber resilience landscape.
Key Findings
1. Overestimation of Cyber Resilience
A striking revelation from the survey is the overestimation of cyber resilience capabilities among organizations. Only 2% of respondents indicated that they could recover their data and restore business processes within 24 hours of a cyberattack. This starkly contrasts with the confidence expressed by nearly 4 in 5 (78%) respondents in their organization’s cyber resilience strategy.
2. Ransom Payments: A Growing Concern
The willingness to pay ransoms has become alarmingly common. Roughly 75% of respondents indicated their organization would pay over $1 million to recover data and restore business operations, with 22% willing to pay over $3 million. In the past 12 months, 69% of respondents admitted to paying a ransom, despite 77% having policies against such payments.
3. Slow Recovery Times
Recovery times reported by organizations reveal significant vulnerabilities:
- Only 2% could recover within 24 hours.
- 18% could recover within 1-3 days.
- 32% required 4-6 days.
- 31% needed 1-2 weeks.
- 16% would need 3+ weeks.
These recovery times fall short of the targeted optimum recovery time objectives (RTO), with 98% aiming for recovery within one day and 45% targeting within two hours.
4. Insufficient Data Privacy Compliance
Just over 2 in 5 (42%) respondents claimed their organization could discover sensitive data and comply with applicable data privacy laws. This indicates a major gap in essential IT and security capabilities.
5. Zero Trust Security Deficiencies
Despite the availability of effective security measures, many organizations haven’t adopted them:
- 48% haven’t deployed multifactor authentication (MFA).
- Only 52% have implemented MFA.
- Quorum controls or administrative rules requiring multiple approvals are utilized by 49%.
- Role-based access controls (RBAC) are deployed by 46%.
These deficiencies leave organizations vulnerable to both external and internal threats.
The Escalating Threat Landscape
The survey underscores the increasing threat of cyberattacks:
- In 2022, 74% of respondents felt the threat of ransomware was rising. By 2023, this figure rose to 93%, and in 2024, it reached 96%.
- Two-thirds (67%) of respondents reported being victims of ransomware in the previous six months.
Industries Most Affected
The report identifies seven industries that have been hardest hit by cyberattacks:
- IT & Technology (40%)
- Banking & Wealth Management (27%)
- Financial Services (27%)
- Telecommunications & Media (24%)
- Government & Public Services (23%)
- Utilities (21%)
- Manufacturing (21%)
Areas of Critical Concern
1. Confidence-Capability Paradox
The disparity between confidence in cyber resilience strategies and the actual capability to execute these strategies effectively is evident. While many organizations have a cyber resilience plan, their ability to recover quickly from attacks lags significantly behind their goals.
2. Rampant Ransom Payments
The prevalence of ransom payments, often in contradiction to organizational policies, highlights a reactive rather than proactive approach to cyber resilience. The financial impact of paying ransoms extends beyond the immediate cost, affecting downtime, lost opportunities, and reputational damage.
3. Zero Trust Security Deficiencies
The failure to implement robust data access controls like MFA and RBAC poses a major risk to organizations. Effective security measures are essential for safeguarding critical data and ensuring business continuity.
Recommendations for Improvement
To address these critical issues, the report suggests several actionable strategies:
- Engage in rigorous testing, drills, and simulations to ensure the effectiveness of backup and recovery processes.
- Enroll in ransomware resilience workshops to boost cyber incident response capabilities.
- Automate testing of backup data to confirm integrity and recoverability without manual intervention.
- Maintain detailed documentation and recovery playbooks to ensure all stakeholders understand their roles during an incident.
Conclusion
The Global Cyber Resilience Report 2024, commissioned by Cohesity, highlights the urgent need for organizations to bridge the gap between their perceived and actual cyber resilience capabilities. By identifying and addressing these vulnerabilities, organizations can enhance their ability to recover from cyberattacks and protect critical data, ensuring a safer and more resilient future.
The data and insights from this report serve as a vital resource for IT and SecOps professionals aiming to strengthen their cyber resilience strategies and safeguard their organizations against the evolving threat landscape.