Cyber ​​resilience: Insufficiently prepared despite fear of attacks

Cyber ​​resilience: Insufficiently prepared despite fear of attacks

Share post

In a study, managers from the areas of security and IT operations commented on cyber resilience in their company. The majority expect an attack.

Commvault has released a new IDC report commissioned by Commvault entitled “The Cyber-Resilient Organization: Maximum Preparedness with Bullet-Proof Recovery Survey.”

In this report, IDC surveyed more than 500 security and IT operations executives worldwide to get an up-to-date overview of how organizations perceive modern security threats and how they are strengthening their cyber resilience. The key findings of this report fall into three areas: senior leadership commitment to cyber resilience initiatives, fears of data leaks and vulnerable workloads, and the need for automation.

Cyber ​​resilience starts in the executive suite – or does it?

The study shows that in many cases, senior executives or directors are barely involved in their company's cyber resilience initiatives - only a third (33 percent) of CEOs or directors and less than a quarter (21 percent) of other senior executives Employees are heavily involved. According to the study, the majority (52 percent) of senior executives are not involved in their company's cyber events.

In addition to the lack of commitment from managers, it is often unclear between ITOps and SecOps teams who is responsible for what to prepare cyber defense. Only 30 percent of SecOps teams fully understand ITOps roles and responsibilities related to cyber attack preparedness and response. Only 29 percent of ITOps teams know which tasks fall within the scope of SecOps.

According to IDC, business leaders have a key role to play in ensuring organizations prioritize preparing for cyberattacks. Additionally, organizations must ensure that the ITOps and SecOps teams operate in complete coordination with one another. Otherwise, companies are more vulnerable to successful attacks and recovery processes are more lengthy.

Big problem: data leaks – workloads vary in their vulnerability

61 percent of respondents believe data breaches are “likely” to “very likely” in the next 12 months due to increasingly sophisticated attacks. Study participants considered on-premises workloads to be more vulnerable than cloud workloads. On a scale of one to five, with five being high risk, respondents rated on-premises data storage at 2,8 and physical workloads at 2,77 - higher than cloud workloads (2,67).

Data exfiltration is the preferred tactic; manual detection processes fall short

The study also shows that data exfiltration attacks – in which malware or a malicious actor performs an unauthorized data transfer – are nearly 50 percent more common than attacks in which hackers attempt to decode encrypted data. Respondents ranked phishing as the biggest threat to combat. This is because most ransomware attacks begin by successfully compromising user account login credentials.

As cyber attackers use increasingly sophisticated tactics, it is likely that anomalies and successful attacks will be missed if IT managers rely on manual detection and reporting procedures. A possible solution – automation – could detect attacks and risks more quickly in order to reduce the consequences of attacks. However, most companies (57 percent) only automate their key functions to a limited extent. This increases the likelihood that they will miss a threat before it occurs. Only 22 percent of those surveyed say they have fully automated their processes.

Cyber ​​resilience by integrating different approaches

“Cyber ​​attackers never rest and are constantly discovering new ways to exploit vulnerabilities. A truly effective cyber resilience strategy must go beyond just backup and recovery. It is important that organizations adopt a new approach that includes prevention, mitigation and recovery,” said Phil Goodwin, research vice president, Infrastructure Systems, Platforms and Technologies Group, IDC. “Whether on-premises, in the cloud or in a hybrid environment, security leaders must integrate multiple layers of defense. With AI now a tool for both defense and offense, the urgency for comprehensive cyber resilience has never been more evident.”

“Simply responding to cyber threats is a thing of the past. Leadership must ensure that teams prioritize proactive defense, real-time risk analysis and robust risk management to pave the way for true cyber resilience,” said Javier Dominguez, CISO, Commvault. “It is also critical that SecOps and ITOps teams work closely together to take a holistic and end-to-end view of their security posture. With Commvault, resilience isn’t an afterthought – it’s a blueprint.”


Commvault wanted to explore how organizations are approaching cyber resilience, common gaps in cyber response, and best practices learned and described by senior IT professionals. To make this possible, Commvault commissioned IDC to conduct an independent study to find answers to these important questions.

The survey methodology used by IDC was as comprehensive as possible and included all three primary survey approaches: a focus group with eight IT executives from large US companies (multinational corporations) with the titles CIO, CTO and CISO; individual in-depth interviews with other CIOs; and a global survey of 513 senior IT and security professionals.

More at


About Commvault

Commvault is the leading provider of backup and recovery. Commvault's converged data management solution redefines what backups mean to the advanced business with applications that protect, manage, and utilize their most valuable asset: their data. Software, solutions and services are available directly from Commvault and from a global network of proven partners. The company employs more than 2.300 highly qualified people worldwide, is traded on the NASDAQ (CVLT) and is headquartered in Tinton Falls, New Jersey, USA.

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more