Businesses urged to adopt cyber readiness in new Commvault report

Commvault, in partnership with research firm GigaOm, has released the 2024 Cyber Recovery Readiness Report, shedding light on critical capabilities that enhance businesses' resilience against cyberattacks. This global survey encompassed 1,000 participants from 11 countries, focusing on a pivotal question: what measures can businesses adopt to bolster their resilience against cyber threats?

The report identifies five key capabilities, termed resiliency markers, that collectively enable organisations to recover from cyberattacks more swiftly and with fewer breaches. These markers were determined after meticulous analysis of numerous factors, including breach frequency, deployment of resilience technologies, and the rapidity of data recovery and resumption of operations. The five resiliency markers are as follows:

1. Security tools for early risk warnings, including insider threats.
2. A dark site or secondary system known to be clean.
3. An isolated environment to maintain an immutable data copy.
4. Clearly defined runbooks, roles, and incident response processes.
5. Specific measures showcasing cyber recovery readiness and risk assessment.

Only 13% of survey respondents achieved the status of cyber mature, characterised by the implementation of at least four out of the five resiliency markers. The survey uncovered notable insights:

- Faster recoveries: Cyber mature organisations recovered 41% faster than those with zero or one marker. - Fewer breaches: Cyber mature entities reported fewer breaches than their less prepared counterparts. - Improved confidence: 54% of cyber mature organisations were fully confident in their ability to recover from a breach, compared to 33% among less prepared organisations. - Increased testing frequency: 70% of cyber mature organisations tested their recovery plans quarterly, in contrast to 43% of those with fewer markers.

Chris Ray, Cybersecurity Analyst at GigaOm, highlighted the importance of comprehensive preparedness. "One of the key findings from the research is that in order to truly advance cyber preparedness, organisations can't cut corners. We saw significant disparities in resilience between organisations that deployed one or two of the resiliency markers versus four or five. It's critical that organisations think about resiliency in layers. Less than 85% of respondents surveyed do that today. This needs to rapidly change if companies want to be resilient and have the upper hand against bad actors."

Tim Zonca, Vice President of Portfolio Marketing at Commvault, emphasised the necessity of modern testing practices. "As we drill down into these cyber capabilities, key practices are emerging as fundamentally critical to any cyber preparedness strategy, and testing for cyber recovery readiness is one of them. Companies that just focus on testing for disaster recovery are missing the boat. Given the evolving nature of cyber threats, frequent and modern testing practices for cyber recovery are essential so environments are not re-infected and recovery processes are robust."

The survey, conducted in April 2024, involved respondents from organisations with annual revenues of at least USD $10 million, with a majority reporting revenues of USD $500 million or more. Participants included 35% board-level or C-suite executives, 48% senior-level management, and 17% mid- or junior-level management. The countries represented in the survey were Australia, Canada, France, Germany, Italy, Japan, Netherlands, Spain, Sweden, United Kingdom, and United States.

The insights from the 2024 Cyber Recovery Readiness Report underscore the significance of adopting comprehensive resilience measures to mitigate the impact of cyberattacks effectively.