Report by Absolute Security
The Resilient CISO: The State of Enterprise Cyber Resilience
Key Findings
72% of CISOs agreed that their role has evolved to include leading their organization’s ability to recover continuity following a cyberattack or security incident.
67% of CISOs stated they are the primary executive responsible for ensuring Cyber Resilience within their organization.
In 2025, 83% of CISOs reported that Cyber Resilience was more critical for their organization than traditional cybersecurity measures, compared to 90% in the previous year.
In 2025, 68% of CISOs agreed that their organization currently has a Cyber Resilience strategy in place.
In 2025, 57% of CISOs reported that their organizations took more than 4.5 days on average for full remediation and recovery after a cyber incident.
In 2025, not a single CISO reported being able to recover from a cyber incident within a day.
65% of CISOs agreed that their organization prioritizes Cyber Resilience over traditional prevention, detection, and response.
In 2025, 98% of organizations reported spending between $1 and $5 million to recover from cyber incidents, with the average recovery cost per incident being $2.5 million.
In 2025, 55% of CISOs in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.
In 2025, 61% of CISOs indicated that their organization’s board and C-suite expect the cybersecurity group to guarantee zero breaches and ransomware incidents.
In 2025, 19% of CISOs indicated that recovery efforts from cyber incidents extended as long as two weeks.