Cyber Incidents and Attacks Disrupt Enterprise Business Operations for Two Weeks, Reveals First Comprehensive Global Cyber Resilience Survey

Cyber Incidents and Attacks Disrupt Enterprise Business Operations for Two Weeks, Reveals First Comprehensive Global Cyber Resilience Survey

Survey of 750 Enterprise CISOs Reveals 55% Faced Cyberattacks in 2025, with None Able to Restore Operations Within a Day, Recovery Costs Soared to $5 Million Per Incident; Sponsor Absolute Security Says Results Show Businesses Facing Existential Threat

SEATTLE — JAN. 8, 2026 —  Absolute Security today published the industry’s first comprehensive research revealing the state of enterprise Cyber Resilience. Among the top findings were that when hit with cyber incidents and attacks, some organizations experienced operational disruptions that lasted as long as two weeks, a majority faced downtime that lasted nearly five days, and none could recover business operations within a day.

Cyber Resilience provides the ability to ensure defenses are operating effectively and to quickly restore business operations following disruptive cyber incidents and software failures. This global study of 750 Chief Information Security Officers (CISOs) in the US and UK is the industry’s first research to provide insights into the state of Cyber Resilience, the challenges enterprises face, and steps security and risk executives can take to overcome them. The findings are now published in the first instalment of Absolute Security’s newly launched eBook series, The Resilient CISO: The State of Enterprise Cyber Resilience.

Cyberattacks, Downtime on the Rise
The survey revealed that during the past 12 months, 55% of CISOs agreed their organization had experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable. When asked about recovery time, a majority (57%) reported their organizations took more than 4.5 days (on average) for full remediation and recovery, with 19% revealing recovery efforts stretched as long as two weeks. The survey further revealed that 98% of organizations are spending between $1 and $5 million to recover from cyber incidents, with the average cost to recover per incident now $2.5 million. Losses are likely understated, as this cost does not include overall losses attributed to total business downtime that attacks and incidents cause. Not a single respondent in the survey said they were able to recover from a cyber incident within a day when hit by an attack or incident in the past 12 months.

“There is simply no way to avoid the inevitable—at some point every organization will face the reality of a cyber incident or attack that takes down the business. Organizations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can crush a business,” said Christy Wyatt, President and CEO, Absolute Security. “As security and risk leaders, we need to expand our focus beyond just traditional security. We must also be the driving force behind ensuring business operations run consistently and without disruption.”

CISOs on the Firing Line
CISOs are increasingly held responsible when it comes to dealing with the downtime caused by cyberattacks and security software incidents. Seventy-two percent agree their role has evolved from being responsible for security and risk only, to now leading their organization’s ability to recover continuity following a cyberattack, ransomware infection, security incident, or software failure that stops business operations.

Adding to the pressures of the role, 61% agreed their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents. A full 59% agreed they are concerned that a security or IT incident causing significant downtime could lead to job loss, personal liability, and legal penalties.

Resilience Adoption Slipping Dangerously
Sixty-seven percent of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience, with 68% agreeing that their organization currently has a Cyber Resilience strategy in place. As threats and vulnerabilities continue to proliferate and the risk of extended downtime grows, 65% of CISOs agree their organization prioritizes Cyber Resilience over traditional prevention, detection, and response. These findings are in sharp contrast to what CISOs reported just under a year ago, when in another Absolute Security survey, 83% of respondents agreed that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, with 90% reporting they had a Cyber Resilience strategy in place.

“Enhancing cyber resilience is vital for all organizations in the public and private sectors. CISOs cannot risk taking their eyes off cyber resilience in an era when adversaries now use AI to craft better phishing campaigns and new malware. Forward thinking organizations have CISOs who move quickly to embed technologies that give them a measurable edge against inevitable cyberattacks, software failures, and disruptions to their businesses,” said Jarad Carleton, Global Cybersecurity Market Research Director, Frost & Sullivan. “This research from Absolute Security illustrates the necessity of boosting business and cyber resilience and how urgently it is needed.”

Comprehensive CISO Cyber Resilience Resources and Community Launched
As part of the company’s commitment to the cybersecurity community, Absolute Security also today announced the launch of The Resilient CISO Inner Circle. This one-of-a-kind hub provides access to a community of visionary, resilient CISOs that are shaping the future of cybersecurity and resilience to help organizations in the modern digital business environment. The Inner Circle introduces expert content and insights delivered through videos, blogs, reports, and downloads. It includes access to The Resilient CISO LinkedIn Live sessions, featuring discussions with industry CISOs on how to achieve Cyber Resilience.

To explore new CISO Cyber Resilience resources, visit The Resilient CISO Inner Circle.

To read the ebook and full survey, visit: The Resilient CISO: The State of Enterprise Cyber Resilience

‍

Acerca de Absolute Security

Absolute Security se ha asociado con más de 28 de los principales fabricantes de dispositivos de punto final del mundo, está integrado en el firmware de 600 millones de dispositivos, cuenta con la confianza de miles de clientes empresariales de todo el mundo y cuenta con licencias para 16 millones de usuarios de PC. Con la plataforma de ciberresiliencia de Absolute Security integrada en su empresa digital, los clientes se aseguran de que sus equipos de trabajo móviles e híbridos se conecten de forma segura y fluida desde cualquier parte del mundo y de que las operaciones empresariales se recuperen rápidamente tras las interrupciones y los ciberataques. Nuestras capacidades galardonadas se han ganado el reconocimiento y el estatus de liderazgo en múltiples categorías de tecnología, entre las que se incluyen Acceso a la red Zero Trust (ZTNA), Seguridad de terminales, Security Services Edge (SSE), persistencia integrada en el firmware, evaluación automatizada del control de seguridad (ASCA) y plataformas Zero Trust. Para obtener más información, visite www.absolute.com y síguenos en LinkedIn, X, Facebook, y YouTube.

ABSOLUTE SECURITY, ABSOLUTE, EL LOGOTIPO DE ABSOLUTE Y NETMOTION son marcas comerciales registradas de Absolute Software Corporation ©2025 o de sus subsidiarias. Todos los derechos reservados. Otros nombres o logotipos mencionados en este documento pueden ser marcas comerciales de Absolute o de sus respectivos propietarios. La ausencia de los símbolos™ y® en las proximidades de cada marca comercial, o en absoluto, en este documento no constituye una renuncia a la propiedad de la marca comercial relacionada. Absolute Security es una compañía de cartera de Crosspoint Capital.

Para obtener más información, póngase en contacto con:

Relaciones con los medios
Joe Franscella
press@absolute.com