Three out of four organizations have been affected by at least one cyberattack, according to research by Cohesity. Not only that, but 70 percent of publicly traded companies had to adjust their financial guidance or projected earnings afterwards. Private companies saw their innovation budgets cut in order to increase their security levels. Incidents therefore have a clear financial impact.
Cohesity found that 76 percent of companies have experienced at least one cyberattack with a measurable impact. That measurability is a criterion for good reason. Few publicly traded companies are overly transparent about the financial damage caused by cybersecurity. Above all, companies hope to get out of the news cycle as quickly as possible after a cyber incident. However, the high percentages in this study suggest that the actual consequences are much greater than the official figures show. Many companies also simply misjudge intangible issues such as reputation, customer loyalty, and productivity.
More than an IT problem
Further research shows that incidents usually have consequences on multiple fronts. Listed companies saw their share price fall by 68 percent after an attack. Private companies chose to spend 73 percent of their innovation budget elsewhere, often on security solutions. In addition, 92 percent of respondents have to take legal consequences into account.
Cohesity CEO Sanjay Poonen emphasizes that cyberattacks affect all layers of a company. “Incidents force organizations to revise forecasts, absorb shareholder reactions, and radically reallocate budgets.” The response from leaders varies. About 47 percent have complete confidence in their own resilience strategy. The majority do not, despite the fact that costly attacks continue to pile up.
AI as a new risk
The study also highlights AI as a pressing challenge. Some 81 percent of security and IT leaders believe that generative AI is advancing so rapidly that it is virtually impossible to implement the technology safely. The potential power of AI is undeniable, but companies are struggling to keep up with the pace.
Poonen refers to “the AI and security paradox.” On the one hand, AI is transforming business processes, but on the other, adoption is outpacing risk tolerance. According to him, the way forward starts with data that is reliable and remains protected in the event of an attack, so that affected organizations can get back on their feet quickly. Companies that recover faster, eliminate threats, and maintain trust have a competitive advantage.
Resilience as a strategy
According to Cohesity, resilience is crucial to limiting financial damage in the event of an attack. Cyber incidents will remain a fact of life. Companies that survive attacks with as little impact as possible reap the benefits. This is difficult to measure, it turns out, but the consequences when things go wrong are not. According to Cohesity, the focus should be on rapid detection, recovery, and communication. The security company emphasizes that the difference between winners and losers has to do with recovery time and communication with shareholders, regulators, and customers afterward. This limits financial damage and maintains the trust of customers and shareholders.
Read also: Jaguar Land Rover extends production halt after cyberattack