In 2025, 19% of CISOs indicated that recovery efforts from cyber incidents extended as long as two weeks.

72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.

In 2025, not a single Chief Information Security Officer (CISO) reported being able to recover from a cyber incident within a day.

In 2025, 57% of CISOs reported that their organizations took more than 4.5 days on average for full remediation and recovery after a cyber incident.

In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.

29% of IT leaders believe that lower cyber liability insurance premiums are a key benefit a cyber incident recovery solution provides to contribute to better cyber resilience.

53% of IT leaders believe that regular testing and validation of cyber incident recovery plans is a key benefit a cyber incident recovery solution provides to contribute to better cyber resilience.

70% of organizations test their cyber incident recovery plans annually.

96% of IT leaders state their organizations are very likely or somewhat likely to invest in cyber incident recovery in the next 12 months.