Fastly: Incident Recovery Taking 25% Longer – Why It Matters

Share
In this new reality, the true cost of cybersecurity incidents extends far beyond immediate financial losses
Fastly's global study shows recovery from a cyber incident is taking 25% longer than expected, causing issues in cost and insurance coverage

In an era where digital threats loom large, businesses are grappling with a sobering reality: recovering from cybersecurity incidents is taking significantly longer than expected.

This is according to recent research in Fastly's latest annual Global Security Research Report, which underscores the evolving challenges organisations face in an increasingly sophisticated threat landscape.

Yet, this is not merely a cause of annoyance, the new threat landscape has meant that such recovery costs could be outpacing any insurance, potentially putting companies in a financial black hole. 

The cost of prolonged recovery

The report's findings paint a stark picture of the current cybersecurity climate. 

In 2024, businesses reported an average recovery time of 7.3 months following cybersecurity breaches—a full 25% longer than anticipated. 

This extended recovery period, surpassing the expected timeline by over a month, is not merely an inconvenience; it represents a significant drain on resources and a potential threat to long-term financial stability.

Youtube Placeholder

The implications of these extended recovery times are far-reaching.

This drain on resources is not just a temporary setback; it can have lasting impacts on a company's financial health and operational capabilities.

Marshall Erwin, CISO at Fastly, emphasises the gravity of the situation: "Full recovery from breaches is not getting any faster. The revenue, reputation and time lost damages business relationships permanently and drains resources from other areas of the business.”

Marshall Erwin, CISO at Fastly

The financial burden of cybersecurity incidents is further illuminated by data from Sophos. 

Their research reveals that the average cost of recovery following a ransomware incident has surged by 50% over the past year, reaching a staggering £2.15m (US$2.73m). 

This escalation in costs is outpacing the coverage provided by many cyber insurance policies, leaving businesses exposed to significant financial risk.

Insurance: a partial solution

Whilst cyber insurance has become an integral part of many organisations' risk management strategies, it is proving to be an incomplete solution. 

The Sophos' report indicates that only 1% of companies making claims reported that their insurance fully covered the costs incurred during incident remediation.

 The most common reason for this shortfall? The total bill for recovery exceeded the policy limit.

In response to these challenges, businesses are reassessing their cybersecurity strategies. Fastly's report reveals that 87% of businesses plan to increase investment in security tools over the next 12 months, marking an 11% year-on-year rise. 

"We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects."

Marshall Erwin, CISO at Fastly

However, despite this additional spending, half of the surveyed cybersecurity decision-makers still feel unprepared to deal with future attacks.

This sentiment of unpreparedness is driving a shift towards a more holistic approach to cybersecurity. 

"We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects,” says Marshall.

 This distributed approach to security is reflected in the changing landscape of accountability, with Platform Engineering teams now being held responsible for 8% of cybersecurity incidents, not far behind CISOs at 14% and CIOs at 12%1.

Reducing recovery

As businesses navigate this complex landscape, it's clear that a multi-faceted approach is necessary. 

Investing in robust cybersecurity measures is not just about protection; it's also becoming a prerequisite for obtaining a cyber insurance coverage that covers your downtime. 

On the technical side, the road to recovery from cybersecurity incidents is proving longer and more arduous than many anticipated. 

As recovery times extend and costs escalate, businesses must reassess their strategies, balancing increased investment in security tools with a more distributed approach to responsibility. The evolving threat landscape demands not just reactive measures, but a proactive, comprehensive approach to cybersecurity that permeates every level of an organisation.

In this new reality, the true cost of cybersecurity incidents extends far beyond immediate financial losses. The extended recovery times are reshaping how businesses approach risk management, insurance, and overall security strategies.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

BCG Global Cyber Leader: How Gen AI Breaks Security Defences

BCG’s Vanessa Lyon speaks to Cyber Magazine on AI threats, cyber talent shortages and why increased security spending isn't improving corporate defence

Cisco Talos: Tracking Ransomware’s 35 Year Evolution

Martin Lee, Technical Lead for Security Research, Cisco Talos highlights how the ransomware landscape has shifted across the last 35 years

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

Network Security

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

Cyber Security

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security