Cyber resilience starts in the C-suite

In many cases, senior executives/line-of-business leaders are minimally engaged in their company’s cyber preparedness initiatives — only 33% of CEOs or managing directors and 21% of other senior leaders are heavily involved, according to Commvault.

According to the research, 52% of senior leaders have no involvement in their company’s cyber cases.

In addition to a lack of executive engagement, there is also often confusion between ITOps and SecOps teams in terms of who is doing what when it comes to cyber preparedness. Only 30% of SecOps teams fully understand ITOps’ roles and responsibilities for cyber preparedness and response, and similarly, only 29% of ITOps teams fully understand what falls to SecOps.

On-premises workloads seen as more vulnerable than cloud

According to IDC, business leaders need to play a key role in ensuring companies prioritize cyber preparedness. Additionally, organizations must ensure there is complete alignment between ITOps and SecOps teams as not doing so can make organizations more prone to successful attacks or lengthy recoveries.

61% of respondents believe that data loss within the next 12 months is “likely” to “highly likely” to occur due to increasingly sophisticated attacks.

Of the respondents surveyed, on-premises workloads were thought to be more vulnerable than cloud workloads. On a scale of 1-5, with 5 being highly vulnerable, respondents rated on-premises data repositories a 2.8 and physical workloads a 2.77 – higher than that of cloud workloads (2.67).

The research also shows that data exfiltration attacks – when malware or a malicious actor carries out an unauthorized data transfer – occur almost 50% more often than encryption attacks, where hackers aim to decode encrypted data.

Respondents ranked phishing as the most concerning threat to address, given that most ransomware attacks begin with a successful attack on user credentials.

Automation seen as key to faster threat detection

Additionally, as cyberattackers deploy more clever tactics, relying on manual detection and reporting processes are very likely to result in missed anomalies and successful attacks.

A potential solution – automation – could lead to faster detection to mitigate the intrusion impact. However, 57% of organizations have limited automation for key functions, increasing their chances of missing a threat before it happens; only 22% report being fully automated.

“Cyber attackers never rest and are constantly discovering ways to exploit vulnerabilities. A truly effective cyber resilience strategy must go beyond just backup and recovery. It’s crucial that organizations adopt a new approach that spans prevention, mitigation, and recovery,” said Phil Goodwin, Research Vice President, Infrastructure Systems, Platforms and Technologies Group, IDC.

“Whether on-premises, in the cloud, or in a hybrid environment, they must integrate multiple layers of defense. With AI now a tool for both defense and offense, the urgency for comprehensive cyber resilience has never been more evident,” added Goodwin.

“We are beyond just reacting to cyber threats. The C-suite must ensure teams are prioritizing proactive defense, real-time threat intelligence, and robust risk management to pave the way for genuine cyber resilience,” said Javier Dominguez, CISO, Commvault. “It’s also critical that SecOps and ITOps teams work closely together to look holistically at their security posture, end-to-end. ”