CommVault Systems Inc.

01/15/2025 | News release | Distributed by Public on 01/15/2025 08:58

Survey Says: Cyber Recovery is More Complicated Than Disaster Recovery

What's the difference between disaster recovery and cyber recovery? While they might seem similar at first, a deeper dive reveals significant differences.

We partnered with ESG to explore these distinctions, surveying 500 IT and security leaders worldwide. Our findings, detailed in the report "Preparedness Gap: Why Cyber-recovery Demands a Different Approach From Disaster Recovery," highlight the greater complexity and reach of cyber recovery (CR).

This free report is packed with data that could change your approach to CR.

6 Key Findings

1. Confidence is not high

Only 26% of respondents are confident in their ability to protect all mission-critical applications and data. And only 20% are confident they're protecting all apps and data needed to remain operational.

2. Complexity and differentiation

CR is significantly more complicated than traditional disaster recovery (DR). Among our respondents, 70% say CR is either more complex, takes longer, or both. While both aim to restore operations, CR involves additional steps for successful recovery.

3. Greater challenges with cyber recovery

Nearly all respondents (91%) say the complexity with CR begins with spending significant time and effort on forensic analysis to determine the full scope of the incident. And 85% say recovery without establishing a cleanroom environment creates significant risk of reinfection. A similar number of respondents (83%) fear that rushing to recover from a cyber incident could destroy valuable evidence.

4. Specialized processes and technologies

It's not just the extra steps needed that make CR more complicated. Effective CR requires specialized processes and technologies as well. Sixty-four percent of respondents say the technologies for CR are more complex than traditional DR. And people skills are a problem. Fifty-nine percent of respondents report that finding and retaining staff with the right skills is harder for CR than for DR.

5. Attacks are targeting more than data

Ransomware payments are typically motivated by recovery time objective (RTO) needs, so attackers know that taking out the backup infrastructure will exacerbate the situation for the victim. Among our respondents, 92% say they've suffered from attacks that explicitly target backups, and 71% say those kinds of attacks account for half or more of all attacks. The good news is nearly all (96%) report that they're taking extra measures to protect at least some or all of their backup copies.

6. Alignment with disaster recovery

It's not all black and white when it comes to DR vs CR. Despite the differences, many organizations integrate CR planning into their broader DR programs. Over 52% of organizations include CR as part of their DR strategy, and even when managed separately, there is a high degree of alignment in processes and protocols.

STRIVE Episode 12: Traditional Disaster Recovery Plans vs. Modern Cyber Recovery Plans

In Episode 12 of the STRIVE Podcast, host Darren Thomson outlines the differences between traditional disaster recovery plans and modern cyber recovery plans.

Why a Different Emphasis on Cyber Recovery Matters

Let's be honest, ransomware attacks are downright nasty. Aside from the obvious data loss and downtime:

  • 44% of respondents report reputational damage and customer loss.
  • 42% report theft of sensitive data from employees/customers/partners.
  • 40% report compliance violations.
  • 32% say such attacks resulted in third-party liability/legal action.

On the financial side, nearly a quarter of respondents (23%) report having paid a ransom last year, with the average largest payment reportedly being nearly $3 million. Given those high stakes, it's vital to learn all you can to prepare your organization to tackle the complexities of CR.

Take a look at the full report here. If you're looking to bolster your CR capabilities, I invite you to check out Beyond Disaster Recovery: Why You Need a Different Strategy When Ransomware Strikes.