Absolute Security
Reports
All Statistics
72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.
67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.
In 2025, 83% of CISOs reported that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, compared to 90% in the previous year.
In 2025, 68% of CISOs agreed that their organization currently has a Cyber Resilience strategy in place.
In 2025, 57% of CISOs reported that their organizations took more than 4.5 days on average for full remediation and recovery after a cyber incident.
In 2025, not a single Chief Information Security Officer (CISO) reported being able to recover from a cyber incident within a day.
65% of CISOs agreed that their organization prioritizes Cyber Resilience over traditional prevention, detection, and response.
In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.
In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.
In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.
In 2025, 19% of CISOs indicated that recovery efforts from cyber incidents extended as long as two weeks.
Critical patching for PCs running Windows 10 and 11 is delayed nearly two months on average across organisations.
35% of enterprise PCs lack encryption.
Enterprise PCs are logging millions of visits to popular generative AI platforms. Thousands of these visits are specifically landing on DeepSeek.
18% of enterprise PCs store sensitive data.
Top endpoint security controls, including leading Endpoint Protection Platforms (EPP), Security Service Edge (SSE) solutions, and Vulnerability and Patch Management platforms, fail to maintain compliance with internal security and performance policies 22% of the time.
26% of enterprise PCs are unaccounted for.
15% of healthcare PCs fail security tests.
Critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices 15 percent of the time in the analysed healthcare PCs.
The average Windows endpoint in healthcare is 48 days behind on critical security patches.