Cyberattack Recovery Costs Now Average $2.5M, Recovery Times Slow

Average recovery costs after a cyberattack are rising, while many enterprise resilience programs are slipping backward. Extended downtime is eroding revenue and undermining operational stability across organisations.

The role of the Chief Information Security Officer (CISO) has long centred on keeping intruders out. That focus is shifting. Security leaders are moving from an exclusive emphasis on prevention toward building the capacity to withstand and recover when disruptions inevitably occur.

A recent survey by Absolute Security of 750 CISOs in the US and UK highlights the difficulty of that transition. Almost one in five organisations experienced disruptions lasting up to two weeks after a cyber incident, and the average cost per incident now sits at $2.5 million.

A race to recover

The challenge for businesses has shifted from only blocking breaches to restoring operations once defences fail. The National Institute of Standards and Technology (NIST) defines cyber resilience as the ability to “anticipate, withstand, recover from, and adapt to adverse conditions.”

Despite that benchmark, speed of recovery remains a major obstacle. Not a single surveyed CISO reported full recovery from a disruptive incident within 24 hours. Instead, 57 percent of organisations require three to six days to restore mobile and remote endpoints, while 19 percent face downtime of up to two weeks.

“There is simply no way to avoid the inevitable—at some point every organisation will face the reality of an attack or IT incident that takes down the business,” says Christy Wyatt, President and CEO of Absolute Security.

“Organisations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can literally crush a business.”

Counting the average cost of a cyberattack

The financial impact of slow recovery is substantial. Ninety-eight percent of CISOs report that recovering from a disruptive incident costs between $1 million and $5 million, with the average around $2.5 million.

These numbers expose the fragility of modern digital infrastructure. Over the past year, 55 percent of CISOs saw their organisations hit by attacks or breaches that rendered endpoint devices unusable. The risk is not confined to external attackers: internal software or control failures are a growing concern, with 53 percent fearing that a security software control failure could trigger major downtime within the next year.

The report also points to a troubling trend: while cyber resilience is increasingly necessary, its adoption appears to be weakening.

Currently, 65 percent of CISOs believe their organisation prioritises cyber resilience over traditional prevention—down sharply from 83 percent the previous year. Similarly, the proportion of organisations with a formal cyber resilience strategy declined from 90 percent to 68 percent year-over-year. This regression indicates that as threats become more complex, confidence in resilience programs may be faltering.

The ‘zero breach’ trap

A disconnect persists between security teams and executive leadership about what security investments can realistically deliver. Sixty-one percent of CISOs report that their board and C-suite still expect security investments to guarantee “zero breaches.”

That unrealistic expectation places security leaders in a difficult position. As CISOs transition from purely technical defenders to leaders responsible for business continuity, the stakes rise. With average costs to the enterprise increasing, 59 percent of respondents agree that a cyberattack causing major downtime could lead to job loss, personal liability, or legal consequences for them personally.

“Our mandate has shifted from pure defense to absolute resilience,” writes Harold Rivas, CISO at Absolute Security. “We must now ensure that business operations can be defended, protected, and rapidly restored following disruptions from any source.”

Looking ahead to the next 12–18 months, CISOs identify three primary drivers of disruption:

  • Ransomware: 57% view this as a top threat.
  • Supply chain: 56% expect incidents via third-party vendors.
  • Insider threat: 55% consider internal actors a likely source of compromise.

At present, enterprise resilience seems more aspirational than operational. With average recovery times nearing five days and costs running into the millions, conventional approaches to business continuity are falling behind the realities organisations face.

For senior leaders, addressing the gap means realigning expectations. Accepting that breaches will occur allows budgets and planning to prioritise rapid recovery capabilities alongside perimeter defence.

Success in the coming year will likely be measured less by the number of attacks an organisation avoids and more by how quickly and effectively it can restore operations when incidents inevitably occur.


Telecoms is produced by TechForge Media.