Fastly: Incident Recovery Taking 25% Longer – Why It Matters
In an era where digital threats loom large, businesses are grappling with a sobering reality: recovering from cybersecurity incidents is taking significantly longer than expected.
This is according to recent research in Fastly's latest annual Global Security Research Report, which underscores the evolving challenges organisations face in an increasingly sophisticated threat landscape.
Yet this is not merely a cause of annoyance: the new threat landscape has meant that such recovery costs could be outpacing any insurance, potentially putting companies in a financial black hole.
The cost of prolonged recovery
The report's findings paint a stark picture of the current cybersecurity climate.
In 2024, businesses reported an average recovery time of 7.3 months following cybersecurity breaches—a full 25% longer than anticipated.
This extended recovery period, surpassing the expected timeline by over a month, is not merely an inconvenience; it represents a significant drain on resources and a potential threat to long-term financial stability.
The implications of these extended recovery times are far-reaching.
This drain on resources is not just a temporary setback; it can have lasting impacts on a company's financial health and operational capabilities.
Marshall Erwin, CISO at Fastly, emphasises the gravity of the situation: "Full recovery from breaches is not getting any faster. The revenue, reputation and time lost damages business relationships permanently and drains resources from other areas of the business."
The financial burden of cybersecurity incidents is further illuminated by data from Sophos.
Their research reveals that the average cost of recovery following a ransomware incident has surged by 50% over the past year, reaching a staggering £2.15m (US$2.73m).
This escalation in costs is outpacing the coverage provided by many cyber insurance policies, leaving businesses exposed to significant financial risk.
Insurance: a partial solution
Whilst cyber insurance has become an integral part of many organisations' risk management strategies, it is proving to be an incomplete solution.
The Sophos report indicates that only 1% of companies making claims reported that their insurance fully covered the costs incurred during incident remediation.
The most common reason for this shortfall? The total bill for recovery exceeded the policy limit.
In response to these challenges, businesses are reassessing their cybersecurity strategies. Fastly's report reveals that 87% of businesses plan to increase investment in security tools over the next 12 months, marking an 11% year-on-year rise.
However, despite this additional spending, half of the surveyed cybersecurity decision-makers still feel unprepared to deal with future attacks.
This sentiment of unpreparedness is driving a shift towards a more holistic approach to cybersecurity.
"We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects," says Marshall.
This distributed approach to security is reflected in the changing landscape of accountability, with Platform Engineering teams now being held responsible for 8% of cybersecurity incidents, not far behind CISOs at 14% and CIOs at 12%.
Reducing recovery
As businesses navigate this complex landscape, it's clear that a multi-faceted approach is necessary.
Investing in robust cybersecurity measures is not just about protection; it's also becoming a prerequisite for obtaining cyber insurance coverage that covers your downtime.
On the technical side, the road to recovery from cybersecurity incidents is proving longer and more arduous than many anticipated.
As recovery times extend and costs escalate, businesses must reassess their strategies, balancing increased investment in security tools with a more distributed approach to responsibility. The evolving threat landscape demands not just reactive measures, but a proactive, comprehensive approach to cybersecurity that permeates every level of an organisation.
In this new reality, the true cost of cybersecurity incidents extends far beyond immediate financial losses. The extended recovery times are reshaping how businesses approach risk management, insurance, and overall security strategies.
Cyber Magazine is a BizClik brand