A new report from Fastly has revealed that organizations often underestimate the time required to recover from significant cybersecurity incidents. According to a global survey of 1,800 IT decision-makers, businesses expect to take 5.85 months on average to recover from a serious cyberattack. However, the actual recovery time is 7.34 months, a substantial increase of 25%. This gap between perceived and actual recovery time highlights the complexity and difficulty of bouncing back from a cyber incident, particularly when considering the financial, reputational, and operational damage caused by such attacks.
The report also found that organizations planning to decrease their cybersecurity investment are at an even greater risk of prolonged recovery times. For these businesses, the recovery period is estimated at 8.14 months, with the actual recovery time soaring to 10.88 months, marking a significant 34% discrepancy between expectations and reality. Companies that reduce their cybersecurity spending may struggle more with rebuilding systems, implementing new security measures, and managing the aftermath of a breach, extending the damage caused by cyberattacks.
Key recovery activities highlighted by the study include implementing stronger security measures, offering additional employee training, restoring data from backups, and communicating with stakeholders. About 43% of respondents cited the need for enhanced security protocols, while 41% emphasized the importance of educating staff to prevent future incidents. Forensic analysis was also identified as a crucial step in understanding the breach and preventing further attacks, with 25% of companies undertaking this process during recovery. These activities contribute to the prolonged timeline for full recovery, underscoring the need for robust and proactive security practices.
On a more positive note, the report revealed that a growing number of companies are taking proactive steps to improve their cybersecurity posture following high-profile incidents. For example, 86% of respondents said they had adjusted their patch testing or deployment processes in response to the CrowdStrike outage earlier this year. Additionally, many companies are adopting a shared responsibility approach to cybersecurity, involving a broader range of stakeholders in security decisions, including platform engineering teams and app developers. This shift towards a collaborative approach to cybersecurity is helping organizations better prepare for future threats and recover more quickly from incidents.
Reference:
