Cohesity report reveals cyber resilience gaps


The Global Cyber Resilience Report 2024 presents an in-depth analysis of the current state of cyber resilience across various industries worldwide. The survey, conducted in June 2024, covered both public and private organizations across several countries.

A striking revelation from the survey is the overestimation of cyber resilience capabilities among organizations. Only 2% of respondents indicated that they could recover their data and restore business processes within 24 hours of a cyberattack. This starkly contrasts with the confidence expressed by nearly 4 in 5 (78%) respondents in their organization’s cyber resilience strategy.

The willingness to pay ransoms has become alarmingly common. Approximately 75% of respondents indicated their organization would pay over $1 million to recover data and restore business operations, with 22% willing to pay over $3 million. In the past year, 69% of respondents admitted to paying a ransom, despite 77% having policies against such payments.

Recovery times reported by organizations reveal significant vulnerabilities. Only 2% could recover within 24 hours, 18% could recover within 1-3 days, 32% required 4-6 days, 31% needed 1-2 weeks, and 16% would need 3+ weeks. Just over 2 in 5 (42%) respondents claimed their organization could identify sensitive data and comply with applicable data privacy laws, indicating a significant gap in necessary IT and security capabilities.

Cyber resilience gaps exposed

Despite the availability of effective security measures, many organizations have not adopted them. Multifactor authentication (MFA) has not been deployed by 48%; quorum controls or administrative rules requiring multiple approvals are used by 49%; and role-based access controls (RBAC) are deployed by 46%.

The survey underscores the increasing threat of cyberattacks. In 2022, 74% of respondents felt the threat of ransomware was rising. By 2023, this figure rose to 93%, and in 2024, it reached 96%. Two-thirds (67%) of respondents reported being victims of ransomware in the past six months.

The report identifies seven industries that have been hardest hit by cyberattacks: IT & Technology (40%), Banking & Wealth Management (27%), Financial Services (27%), Telecommunications & Media (24%), Government & Public Services (23%), Utilities (21%), and Manufacturing (21%).

The disparity between confidence in cyber resilience strategies and the actual capability to execute these strategies effectively is evident. The prevalence of ransom payments, often in contradiction to organizational policies, highlights a reactive rather than proactive approach to cyber resilience. The failure to implement robust data access controls like MFA and RBAC poses a significant risk to organizations.

To address these critical issues, the report suggests several actionable strategies, including rigorous testing, drills, and simulations to ensure the effectiveness of backup and recovery processes, signing up for ransomware resilience workshops to enhance cyber incident response capabilities, and maintaining detailed documentation and recovery playbooks.

The Global Cyber Resilience Report 2024 highlights the urgent need for organizations to bridge the gap between their perceived and actual cyber resilience capabilities. By identifying and addressing these vulnerabilities, organizations can enhance their ability to recover from cyberattacks and protect critical data, ensuring a more secure and resilient future.