Organizations that have endured cyber incidents in the past don’t want to get burned again, according to a newly released survey by cyber resilience and data protection solutions firm CommVault.

Consequently, they often reassess and invest in cyber resilience and recovery strategies in meaningful ways.

New insights from its”2024 Cyber Recovery Readiness Report”, indicated that organizations that have been breached spend nearly 30 percent more on cybersecurity measures than those that haven’t.

The global survey, conducted in collaboration with GigaOm, of 1,000 security and IT professionals across 11 countries, revealed that breached organizations are nearly 2.5 times more likely to prioritize understanding their data risk profiles, highlighting data types and relative levels of risk.

In addition,the breached organizations conduct more testing to find gaps in their cyber preparedness plans.

Twenty percent of organizations that haven’t been breached do not test their recovery plan at all, that number drops to just 2 percent for organizations that have been breached.

According to the survey, breached organizations that have invested in comprehensive cyber recovery plans recover 41 percent faster than their less-prepared counterparts.

Breached organizations state that they are 32 percent more likely to recover within 48 hours compared to those that have not been breached – a much better outcome than the recovery times noted by other respondents, which could be three weeks or more.

The reduced downtime can translate into significant savings in terms of direct financial losses and the preservation of customer trust and brand reputation.

“We’ve all heard the expression hindsight is 20/20, and that could not be more applicable when it comes to the findings of this survey,” said Brian Brockway, chief technology officer at Commvault. “Our survey shows that the most resilient organizations are those that continuously test and refine their recovery strategies, learning from each incident to strengthen their defenses. It’s this proactive mindset, rather than reactive spending, that makes the difference.”

The report underscores the costs of being breached – ranging from operational disruption to regulatory fines – far exceed the expenses of proactive cyber resilience measures.

“The findings should be a call to action for all organizations, not just those that have been breached,” said Chris Ray, cybersecurity analyst at GigaOm. “Cyber threats are constantly evolving, and so too must the strategies to counter them. It’s about adopting a holistic approach to cyber resilience that integrates people, processes, and technology, ensuring readiness at every level.”

Commvault and GigaOm were able to pinpoint five key capabilities, also called resiliency markers, that when deployed together, helped companies recover faster from cyberattacks and experience fewer breaches compared to companies that did not follow the same path.

The five resiliency markers emerged after data analysis teams combed through the same survey results across a range of topics including: how often companies were breached, what resilience technologies were (or were not) deployed, and how rapidly businesses were able to recover data and resume normal operations.

The resiliency markers are as follows:

• Security tools that enable early warning about risk, including insider risk.
• A known-clean dark site or secondary system in place.
• An isolated environment to store an immutable copy of the data.
• Defined runbooks, roles, and processes for incident response.
• Specific measures to show cyber recovery readiness and risk.