New insights from Commvault’s 2024 Cyber Recovery Readiness Report highlight critical shifts in how organisations invest in cyber resilience post-breach. Based on a global survey of 1,000 security and IT professionals, the findings reveal that organisations previously affected by cyber incidents are taking significant steps to safeguard themselves, with clear benefits.
Key Findings on Cyber Resilience Investments
- Increased Cybersecurity Budgets: Companies hit by cyberattacks invest 30% more in cybersecurity measures than those that haven’t experienced a breach. This increased spending demonstrates a commitment to minimising future risks.
- Focus on Data Risk Profiles: Breached organisations are 2.5 times more likely to prioritize understanding their data risk profiles, which are vital for recognising the potential damage that different types of data breaches can cause.
- Emphasis on Cyber Readiness Testing: Companies that have been breached conduct more frequent and rigorous tests of their cyber preparedness. Only 2% of breached organisations forgo recovery plan testing, compared to 20% of those yet to experience an incident.
These added investments have a clear impact. Organisations that implement comprehensive cyber recovery strategies recover 41% faster than those that don’t. Additionally, breached companies are 32% more likely to be back online within 48 hours compared to those that haven’t been attacked. Faster recovery times minimise both financial losses and the reputational damage caused by prolonged downtime.
Learning from Experience: A Proactive Approach
“Organisations that focus on testing and improving their recovery plans become significantly more resilient over time,” said Brian Brockway, CTO at Commvault. “Instead of waiting for a disaster to strike, they continuously refine their strategies to minimise future risks. It’s this proactive mindset that sets them apart.”
The report draws parallels to health insurance: the cost of preparedness is far outweighed by the expense of dealing with a catastrophic event. Cyber recovery readiness is no different. By implementing robust cyber resilience measures, organisations avoid operational disruptions, regulatory fines, and other costs associated with breaches.
A Call to Action for All Organizations
The findings emphasise that proactive resilience isn’t just for organisations that have been breached—it’s a strategy all businesses should adopt. Chris Ray, a cybersecurity analyst at GigaOm, explains: “Cyber threats evolve constantly, and so must our defences. A comprehensive, well-integrated approach to cyber resilience can save companies both time and money.”
The report identifies five “resiliency markers” that consistently helped businesses recover faster and experience fewer breaches. By analysing survey data, the team highlighted best practices in deploying resilience technologies and maintaining business continuity.
For more details, read the full report and explore the five key resiliency markers here.