Commvault Survey Shows Lack of ‘Cyber Maturity’ in Companies
In an era where cyber threats are becoming increasingly sophisticated and prevalent, a shocking new study from Commvault and research firm GigaOm reveals that only a small fraction of organisations are truly prepared to face these challenges head-on.
The 2024 Cyber Recovery Readiness Report, which polled 1,000 security and IT professionals across 11 countries (with respondents from companies earning at least US$10m in annual revenues, with the majority earning US$500m or more), paints a concerning picture of global cybersecurity readiness: a mere 13% of respondents could be categorised as "cyber mature."
This leaves an alarming 87% of organisations potentially vulnerable to devastating cyberattacks and prolonged recovery periods.
"One of the key findings from the research is that in order to truly advance cyber preparedness, organisations can't cut corners,” said Chris Ray, Cybersecurity Analyst at GigaOm. “We saw significant disparities in resilience between organisations that deployed one or two of the resiliency markers versus four or five."
What is cyber maturity?
Cybersecurity maturity refers to an organisation's level of readiness and capability to defend itself against cyber threats and protect its digital assets. It encompasses the sophistication of an organisation's security controls, processes, and overall approach to managing cyber risks.
A mature cybersecurity programme goes beyond simply implementing security technologies; it involves integrating security into the organisation's culture, automating processes where possible, and adopting a risk-based approach to prioritise critical issues. Organisations with high cybersecurity maturity are better equipped to mitigate digital threats, maintain business continuity in the face of cyber challenges, and adapt to the evolving threat landscape.
To assess what makes a company cyber mature, the study identified five key capabilities, or "resiliency markers," that set cyber mature organisations apart:
1. Security tools that enable early warning about risk, including insider risk
2. A known-clean dark site or secondary system in place
3. An isolated environment to store an immutable copy of the data
4. Defined runbooks, roles, and processes for incident response
5. Specific measures to show cyber recovery readiness and risk
Organisations that implemented at least four of these five markers demonstrated significantly better outcomes in the face of cyber threats. "It's critical that organisations think about resiliency in layers. Less than 85% of respondents surveyed do that today. This needs to rapidly change if companies want to be resilient and have the upper hand against bad actors," Chris warns.
Outcomes of maturity v immaturity
The disparity between cyber mature organisations and their less prepared counterparts is stark. The survey revealed that cyber mature entities recovered from attacks 41% faster than those with zero or one resiliency marker. They also reported experiencing fewer breaches overall.
This maturity is also reflected in the confidence companies carry with them about their security.
54% of cyber mature organisations were completely confident in their ability to recover from a breach, compared to only 33% of less prepared organisations.
This confidence isn't unfounded. The findings highlight that cyber mature organisations are far more likely to engage in frequent testing of their recovery plans.
70% of cyber mature organisations tested their recovery plans quarterly, compared to 43% of organisations with only zero or one maturity marker that tested with the same frequency.
“Companies that just focus on testing for disaster recovery are missing the boat. Given the evolving nature of cyber threats,” said Tim Zonca, VP, Portfolio Marketing, Commvault, “frequent and modern testing practices for cyber recovery are essential so environments are not re-infected and recovery processes are robust.”
As cyber threats continue to evolve and proliferate, the gap between cyber mature organisations and the rest threatens to widen further. The report serves as a wake-up call for the 87% of companies falling behind in cybersecurity preparedness. Closing this cyber maturity gap isn't just about protecting data; as Commvault highlights, it's about ensuring business continuity.
Cyber Magazine is a BizClik brand