A recent survey commissioned by Cohesity, a leading company in AI-powered data security and management, has unveiled some troubling findings about how companies are handling cyberattacks. The research, which involved over 900 IT and Security decision-makers, revealed that an overwhelming majority of companies are paying ransoms despite having ‘do not pay’ policies. The survey also showed that the threat of cyberattacks is expected to increase significantly in 2024 compared to 2023.
In the United Kingdom, 83% of respondents reported that their companies had fallen victim to a ransomware attack between June and December. More worrisome is the fact that 97% of companies in the UK have paid a ransom in the last two years. Furthermore, the survey highlighted the significant challenge companies face when it comes to cyber resilience and data security. A staggering 95% of respondents believe that the threat of cyberattacks will increase in 2024, with 7 in 10 predicting a surge of more than 50%.
The survey found that the data security risk for companies has increased faster than the growth in the amount of data they manage. It was also revealed that organizations’ cyber resilience and data security strategies are not keeping up with the current threat landscape, with only 25% of respondents expressing full confidence in their company’s cyber resilience strategy.
One of the most alarming findings from the survey is that slow data recovery and a lack of cyber resilience lead to ransom payments. The survey found that every company needs more than 24 hours to recover data and restore business processes after a cyberattack. Additionally, just 12% of respondents reported that their company had stress-tested its data security, data management, and data recovery processes in the six months prior to the survey. Meanwhile, 46% had not tested their processes or solutions in over 12 months.
The survey also delved into the financial impact of cyber resilience, with 97% of respondents saying their company would pay a ransom to recover data, despite 94% of companies having a ‘do not pay’ policy. These findings suggest that organizations are willing to pay a substantial amount to recover their data and restore business processes.
To address the concerning results of the survey, James Blake, Cohesity’s Global Head of Cyber Resiliency GTM Strategy, stressed the need for organizations to focus on achieving faster recovery times and avoiding significant disruption. He also highlighted the potential risks that organizations face by paying ransoms, especially with the UK sanctioning ransomware operators.
The survey also emphasized the need for executive management to be more accountable for data security risks and attacks. Only 31% of respondents felt that their senior and executive management fully understands the serious risks and daily challenges of protecting, securing, managing, backing up, and recovering data. The survey also highlighted the impact of a data breach or cyberattack, with respondents identifying brand and reputational damage, long-term operational outcomes and projects, and a direct hit to revenue as their biggest concerns.
Furthermore, the survey found that government initiatives, legislation, and regulations do not appear to be driving companies’ cyber resilience and data security best practices. Despite efforts from governments and public institutions, only 46% of respondents said these factors influenced their data security and management approaches.
The study was based on a survey of 902 IT and Security decision-makers from businesses in Australia, the United Kingdom, and the United States. The findings indicate a pressing need for organizations to prioritize their data security and cyber resilience strategies to combat the increasing threat of cyberattacks. As Sanjay Poonen, Cohesity’s CEO and president, highlighted, modern AI-powered data security and management solutions are essential for protecting and recovering data to restore business processes in the event of a cyberattack.