A Breach Can Teach

Unfortunately, breaches are far too common, affecting companies of all sizes across all industries. Like any dramatic experience, the experience of fighting through a breach reshapes how an organization behaves and prioritizes its actions. These were among the findings in our inaugural Cyber Recovery Readiness Report, a joint effort of Commvault and GigaOm.  

We surveyed 1,000 cyber security and IT leaders from countries around the world to better understand the global state of cyber recovery readiness and to get a clear understanding of how organizations remain resilient through the chaos and damage of breaches.

Our survey confirmed the prevalence of breaches, with 83% of our respondents reporting a material security breach: over 50% of these within the past year and more than 75% in the last 18 months. With breaches costing up to $12 million per day¹, the ability to recover quickly is paramount.  

One significant finding across the data set is that there are many lessons to be learned from being breached. Organizations gain experience that changes their outlook, prioritization, and often, their maturity. As an example, organizations that experienced a breach are nearly 2.5 times more likely to rank understanding data risk profile, data classifications, and relative level of risk as a top priority for their cyber recovery strategy, compared to organizations that have not been breached. 

Overall, organizations that haven’t been breached have a narrower focus, citing the need to have critical data fully backed up and recoverable as a top three choice nearly 60% of the time. Organizations that have been breached place a premium on a wider set of practices, led by understanding their data risk profile and classifications.   

This tells us that once an organization has undergone a breach and understands the implications of what it takes to respond, its priorities shift. Those organizations have learned that there are key areas to incorporate that may be less obvious to those that haven’t been breached such as: communication with stakeholders, working with vendors, clear ownership, and division of responsibilities.  Those that haven’t been breached are primarily focused on speed alone. 

Breached organizations are also less satisfied with the status of their early warning tools compared to those that did not report a breach, suggesting a level of complacency in the unbreached group. 

Overall, those that have been breached prepare more comprehensively – they are more likely to have plans, and the plans they do have, they test more frequently. And in response to a breach, they equally prioritize more capabilities and activities vs. trying to do a few things well. 

Read the full report here.

¹SolarWinds: Pingdom Team, Average Cost of Downtime per Industry, Jan 9, 2023.