In 2024, businesses have reported taking an average of 7.3 months to recover from cybersecurity breaches -- 25 percent longer than expected and over a month past the anticipated timeline of 5.9 months.
This is among the findings of the latest Global Security Research Report from Fastly, which also shows that recovery times are even worse for companies that planned on cutting back cybersecurity spending. These companies faced an average of 68 incidents each -- 70 percent above the average -- and their recovery times stretched to 10.9 months.
With attacks on the rise, the study of 1,800 key IT decision makers around the world finds that 87 percent of businesses do plan to increase investment in security tools over the next 12 months, an 11 percent year-on-year rise. However, despite the additional spending, half of the surveyed cybersecurity decision makers feel that an increasingly sophisticated threat landscape has still left them unprepared to deal with future attacks.
Marshall Erwin, CISO at Fastly, says, "Full recovery from breaches is not getting any faster. The revenue, reputation and time lost damages business relationships permanently and drains resources from other areas of the business. With attacks not diminishing and the possibility of further high-profile slip-ups always present, it's crucial that any changes businesses are now making to cybersecurity strategies fit within a holistic plan and aren't knee-jerk reactions."
The report also shows that many security professionals are now scrutinizing their vendor choices and the value of cybersecurity investments more closely. In 2024, 40 percent of enterprises expressed concerns about the reliability and software quality across their security stack and 29 percent considered changing vendors (a figure that rises to 37 percent in the US). In addition, the vast majority of businesses (86 percent) have changed their approach to testing and rolling out updates in response to major reliability incidents.
Organizations are also re-evaluating how security integrates across their operations. Increasingly, key stakeholders outside traditional security teams, including platform engineering teams, are having a say in which app security solutions are being adopted, with 20 percent saying their organization's priority is to adopt a platform engineering approach to software security.
Erwin adds, "Cybersecurity spending is under the microscope as businesses continue to feel unprepared dealing with an evolving threat landscape. We are seeing a shift towards a shared responsibility for security across organizations, with increased focus on embedding security measures throughout all projects. Companies that bake in security and establish strong partnerships with security organizations early in a product development process are in a better position to deal with emerging threats and recover more quickly from attacks."