Survey of 750 Enterprise CISOs Reveals 55% Faced Cyberattacks in 2025, with None Able to Restore Operations Within a Day, Recovery Costs Soared to $5 Million Per Incident; Sponsor Absolute Security Says Results Show Businesses Facing Existential Threat
SEATTLE--(BUSINESS WIRE)--#absolutesecurity--Absolute Security today published the industry’s first comprehensive research revealing the state of enterprise Cyber Resilience. Among the top findings were that when hit with cyber incidents and attacks, some organizations experienced operational disruptions that lasted as long as two weeks, a majority faced downtime that lasted nearly five days, and none could recover business operations within a day.
Cyber Resilience provides the ability to ensure defenses are operating effectively and to quickly restore business operations following disruptive cyber incidents and software failures. This global study of 750 Chief Information Security Officers (CISOs) in the US and UK is the industry’s first research to provide insights into the state of Cyber Resilience, the challenges enterprises face, and steps security and risk executives can take to overcome them. The findings are now published in the first instalment of Absolute Security’s newly launched eBook series, The Resilient CISO: The State of Enterprise Resilience.
Cyberattacks, Downtime on the Rise
The survey revealed that during the past 12 months, 55% of CISOs agreed their organization had experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable. When asked about recovery time, a majority (57%) reported their organizations took more than 4.5 days (on average) for full remediation and recovery, with 19% revealing recovery efforts stretched as long as two weeks. The survey further revealed that 98% of organizations are spending between $1 and $5 million to recover from cyber incidents, with the average cost to recover per incident now $2.5 million. Losses are likely understated, as this cost does not include overall losses attributed to total business downtime that attacks and incidents cause. Not a single respondent in the survey said they were able to recover from a cyber incident within a day when hit by an attack or incident in the past 12 months.
“There is simply no way to avoid the inevitable—at some point every organization will face the reality of a cyber incident or attack that takes down the business. Organizations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can crush a business,” said Christy Wyatt, President and CEO, Absolute Security. “As security and risk leaders, we need to expand our focus beyond just traditional security. We must also be the driving force behind ensuring business operations run consistently and without disruption.”
CISOs on the Firing Line
CISOs are increasingly held responsible when it comes to dealing with the downtime caused by cyberattacks and security software incidents. Seventy-two percent agree their role has evolved from being responsible for security and risk only, to now leading their organization’s ability to recover continuity following a cyberattack, ransomware infection, security incident, or software failure that stops business operations.
Adding to the pressures of the role, 61% agreed their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents. A full 59% agreed they are concerned that a security or IT incident causing significant downtime could lead to job loss, personal liability, and legal penalties.
Resilience Adoption Slipping Dangerously
Sixty-seven percent of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience, with 68% agreeing that their organization currently has a Cyber Resilience strategy in place. As threats and vulnerabilities continue to proliferate and the risk of extended downtime grows, 65% of CISOs agree their organization prioritizes Cyber Resilience over traditional prevention, detection, and response. These findings are in sharp contrast to what CISOs reported just under a year ago, when in another Absolute Security survey, 83% of respondents agreed that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, with 90% reporting they had a Cyber Resilience strategy in place.
“Enhancing cyber resilience is vital for all organizations in the public and private sectors. CISOs cannot risk taking their eyes off cyber resilience in an era when adversaries now use AI to craft better phishing campaigns and new malware. Forward thinking organizations have CISOs who move quickly to embed technologies that give them a measurable edge against inevitable cyberattacks, software failures, and disruptions to their businesses,” said Jarad Carleton, Global Cybersecurity Market Research Director, Frost & Sullivan. “This research from Absolute Security illustrates the necessity of boosting business and cyber resilience and how urgently it is needed.”
Comprehensive CISO Cyber Resilience Resources and Community Launched
As part of the company’s commitment to the cybersecurity community, Absolute Security also today announced the launch of The Resilient CISO Inner Circle. This one-of-a-kind hub provides access to a community of visionary, resilient CISOs that are shaping the future of cybersecurity and resilience to help organizations in the modern digital business environment. The Inner Circle introduces expert content and insights delivered through videos, blogs, reports, and downloads. It includes access to The Resilient CISO LinkedIn Live sessions, featuring discussions with industry CISOs on how to achieve Cyber Resilience.
To explore new CISO Cyber Resilience resources, visit The Resilient CISO Inner Circle.
To read the ebook and full survey, visit: The Resilient CISO: The State of Enterprise Resilience
About Absolute Security
Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. Our award-winning capabilities have earned recognition and leadership status across multiple technology categories, including Zero Trust Network Access (ZTNA), Endpoint Security, Security Services Edge (SSE), Firmware-Embedded Persistence, Automated Security Control Assessment (ASCA), and Zero Trust Platforms. To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.
ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2026, or its affiliates. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.
Contacts
For more information, please contact:
Media Relations
Joe Franscella
press@absolute.com
