According to Commvault, a staggering 83% of organizations have recently experienced a material security breach, with more than half of those occurring in the past year alone, underscoring the urgent need for advanced preparedness and flexible response strategies.

organizations cyber recovery plans

For security and IT professionals, the risk landscape is constantly changing, with external threats the top concern, and organizations needing to assume a breach. Organizations are realizing that it’s not a question of if or when they’ll get hacked, but when they’ll realize they’ve been hacked.

Five Indicators of Cyber ​​Recovery Readiness

Commvault and GigaOm were able to identify five key capabilities, known as resilience indicators, that when deployed together, allowed companies to recover from cyberattacks faster and experience fewer breaches than companies that did not follow this path.

These five resilience indicators emerged after data analytics teams combed through the survey results based on a variety of topics, including how often companies were hacked, what resilience technologies were deployed (or not deployed), and how quickly companies were able to recover data and resume normal operations.

The resilience indicators are as follows:

  • Security tools that provide early warning of risks, including insider risks.
  • A dark location or secondary system known to be clean.
  • An isolated environment to store an immutable copy of the data.
  • Defined runbooks, roles, and processes for incident response.
  • Specific measures to demonstrate the level of cyber recovery preparedness and its risks.

For many organizations, cyber recovery strategy is still a work in progress. Again, 38% of our respondents recognize that their efforts could be improved. Those looking to improve should look to their more mature peers, who place a premium on prioritising more practices rather than just a few, and as a result, are on firmer footing in the event of a breach.

Cyber-ready organizations recover faster

When assessing the results, only 13% of respondents were categorized as cyber-adult.

Cyber ​​mature organizations, those that deployed at least four of the five resilience markers, recovered 41% faster than respondents with only zero or one marker. Overall, cyber mature organizations report experiencing fewer breaches compared to companies with fewer than four markers.

54% of cyber-mature organizations were confident they could recover from a breach, compared to only 33% of less prepared organizations.

70% of cyber-mature organizations tested their recovery plans every quarter, compared to 43% of organizations with only zero or one maturity indicator, who tested with the same frequency.

Without testing in a realistic situation, organizations cannot know how their cyber recovery plans will perform.

“One of the key findings of the research is that organizations cannot cut corners to truly improve cyber preparedness. We saw significant differences in resilience between organizations that implemented one or two of the resilience markers versus four or five,” said Chris Ray, Cybersecurity Analyst, GigaOm. “It is critical that organizations think about resilience in layers. Less than 85% of respondents surveyed are doing so today. This needs to change quickly if companies want to be resilient and gain the upper hand against bad actors.”