With jobs on the line, CEOs now demand cyber attack recovery in hours, not days or weeks
Recovery takes most organizations weeks or months, CEOs think it should be far quicker
UK CEOs are placing huge demands on security professionals, with most now expecting to be notified of a cyber attack within half an hour – they even want basic operations back up and running within a day.
That’s according to new research from Cohesity, which found two-third expect to be notified within 30 minutes, and 19% within just five.
Meanwhile, 14% think they should have basic business operations restored within an hour and 38% within a day; only 11% thought a week was reasonable.
These high expectations are placing significant pressure on cybersecurity teams, the study noted, but the figures do track with the UK government’s recent Cyber security breaches survey.
The report noted that the “vast majority” of businesses (87%) reported being able to restore their operations within just 24 hours.
“More than seven-in-ten businesses (72%) and charities (76%) said it took ‘no time at all’ to recover,” the report said.
Some are taking a more conservative approach to long-term recovery timelines, however. Around 15% said they expect to be fully operational in the wake of an attack within a few weeks.
Who’s responsible for cyber attack recovery?
Crucially, the Cohesity report found executives aren’t aligned on who should be notifying them about a breach and managing the recovery. A quarter told researchers that it should be the security advisory board, with 21% citing the CTO and the same number the CISO.
The same pattern appears when CEOs are asked who decides what gets restored first in order to resume basic business operations.
Responsibility is spread across the entire board, at 23%, the CTO at 21%, the CEO personally at 20%, and the security advisory board at 14%.
“CEOs are signaling that cyber incidents now come with performance consequences. With expectations this high, organizations need a clear chain of command in place, so decisions are made quickly and confidently,” said Fraser Hutchison, VP UKI at Cohesity.
“Cyber attack recovery is now a board-level issue. CEOs expect to restore basic business operations fast, but many organizations still haven’t defined who alerts leadership, who decides what ‘minimum viable’ means, or what gets restored first."
Hutchison warned that without a “clear plan agreed in advance”, critical decisions can be “contested in the heat of the moment”. This, the report noted, ultimately slows down recovery.
AI throws a spanner in the works
Decisions around recovery are being made more difficult by the fractured state of AI governance across large UK businesses, according to Cohesity, with ownership of AI security distributed across as many as five different executive roles.
Four-in-ten survey respondents said the CTO was responsible for AI cybersecurity, followed by the CISO (31%), CIO (29%), CSO (26%), and CAIO (22%). Researchers said this means that in many organizations, multiple executives hold a partial stake in AI security with no single owner.
Meanwhile, the person responsible for restoring AI systems after an attack is often not the same person who governs them day to day: the CIO leads on AI policy at 30% of businesses, while the CTO leads AI cybersecurity at 41%.
A further 20% of businesses have had to create an entirely new role to own AI policy at all, and 11% have no owner or are unsure.
“AI is accelerating how organizations run, and it’s raising expectations for speed everywhere including recovery from a cyber attack. But speed without clear ownership, and confidence in what you’re restoring can turn a cyber incident into a prolonged business crisis,” said James Blake, Cohesity global vice president of cyber resilience and consultancy strategy.
"The organizations that recover best are the ones that define Minimum Viable Company upfront, assign clear decision rights, and rehearse recovery as an operational discipline, not just a technical process."
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Accenture snaps up majority stake in Dragos, acquires runZero and NetRise in critical infrastructure security pushNews Accenture has moved to strengthen its critical infrastructure security capabilities in a triple investment totalling around $4.175 billion
-
Huawei MatePad Pro Max reviewReviews A bona fide creative powerhouse and arguably one of the best around for creators
-
$600bn lost every year to downtime as organizations battle hidden costsNews Disclosure, stock prices, ransoms and fines add up to hundreds of billions as unplanned downtime for large firms shoots up 50% in just two years
-
'The latest in a series of public sector data disasters': Cyber experts hit out at Companies House security fiascoNews The incident at Companies House underlines the need for more robust public sector security capabilities
-
A single compromised account gave hackers access to 1.2 million French banking recordsNews Ficoba has warned that “numerous” scams are already in circulation following the data breach
-
Security experts warn Substack users to brace for phishing attacks after breachNews Substack CEO Christ Best confirmed the incident occurred in October 2025
-
Everything we know so far about the Nike data breachNews Hackers behind the WorldLeaks ransomware group claim to have accessed sensitive corporate data
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
OpenAI hailed for ‘swift move’ in terminating Mixpanel ties after data breach hits developersNews The Mixpanel breach prompted OpenAI to launch a review into its broader supplier ecosystem
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
