A Breach Can Teach

The experience of a breach has a significant impact on how an organization approaches resilience.

Unfortunately, breaches are far too common, affecting companies of all sizes across all industries. Like any dramatic experience, the experience of fighting through a breach reshapes how an organization behaves and prioritizes its actions. These were among the findings in our inaugural Cyber Recovery Readiness Report, a joint effort of Commvault and GigaOm.  

We surveyed 1,000 cyber security and IT leaders from countries around the world to better understand the global state of cyber recovery readiness and to get a clear understanding of how organizations remain resilient through the chaos and damage of breaches.

Our survey confirmed the prevalence of breaches, with 83% of our respondents reporting a material security breach: over 50% of these within the past year and more than 75% in the last 18 months. With breaches costing up to $12 million per day [1], the ability to recover quickly is paramount.

One significant finding across the data set is that there are many lessons to be learned from being breached. Organizations gain experience that changes their outlook, prioritization, and often, their maturity. As an example, organizations that experienced a breach are nearly 2.5 times more likely to rank understanding data risk profile, data classifications, and relative level of risk as a top priority for their cyber recovery strategy, compared to organizations that have not been breached. 

Overall, organizations that haven’t been breached have a narrower focus, citing the need to have critical data fully backed up and recoverable as a top three choice nearly 60% of the time. Organizations that have been breached place a premium on a wider set of practices, led by understanding their data risk profile and classifications.   

This tells us that once an organization has undergone a breach and understands the implications of what it takes to respond, its priorities shift. Those organizations have learned that there are key areas to incorporate that may be less obvious to those that haven’t been breached, such as communication with stakeholders, working with vendors, clear ownership, and division of responsibilities. Those that haven’t been breached are primarily focused on speed alone.

Breached organizations are also less satisfied with the status of their early warning tools compared to those that did not report a breach, suggesting a level of complacency in the unbreached group. 

Overall, those that have been breached prepare more comprehensively – they are more likely to have plans, and the plans they do have, they test more frequently. And in response to a breach, they equally prioritize more capabilities and activities vs. trying to do a few things well. 

Read the full report here.


[1] SolarWinds: Pingdom Team, Average Cost of Downtime per Industry, Jan 9, 2023.
