The first comprehensive global survey on Cyber Resilience, published by Absolute Security, reveals a stark reality: 55% of enterprise CISOs experienced a disruptive cyber incident in 2025, with no organization able to restore operations within a day. The research, involving 750 CISOs, found that recovery took an average of over 4.5 days, with some disruptions lasting up to two weeks, and costs soaring to an average of $2.5 million per incident.
55% of enterprise CISOs reported a disruptive cyber incident or attack in the past 12 months.
No organization could recover business operations within a single day.
Average recovery time exceeded 4.5 days, with 19% facing disruptions lasting up to two weeks.
The average cost to recover per incident reached $2.5 million.
72% of CISOs say their role now includes leading business continuity recovery after an attack.
Despite growing threats, adoption of formal Cyber Resilience strategies appears to be slipping.
The survey quantifies the severe operational and financial impact of cyber incidents. Beyond the average $2.5 million direct recovery cost, businesses suffered significant losses from prolonged downtime. Christy Wyatt, President and CEO of Absolute Security, emphasized the existential threat: “Organizations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can crush a business.” The data underscores a critical gap between prevention efforts and resilience capabilities.
The role of the CISO is evolving under this pressure. The research indicates that 72% of CISOs are now held responsible for leading business continuity recovery post-attack, a expansion beyond traditional security and risk. Furthermore, 61% reported that their board expects a guarantee of zero breaches, and 59% expressed concern that a major incident could lead to job loss or personal liability, highlighting the heightened personal and professional stakes.
A Dangerous Decline in Resilience Focus
Alarmingly, the survey suggests a potential backslide in organizational focus on Cyber Resilience. While 68% of CISOs claim to have a strategy in place, this marks a significant drop from 90% reporting a strategy in a similar survey less than a year ago. Jarad Carleton of Frost & Sullivan noted the urgency: “This research... illustrates the necessity of boosting business and cyber resilience and how urgently it is needed.” This decline occurs even as AI-powered threats make attacks more sophisticated and disruptive.
The findings present a clear call to action for enterprises to prioritize and invest in measurable resilience capabilities that ensure rapid recovery, as total prevention has become an unrealistic expectation.
About Absolute Security
Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. Our award-winning capabilities have earned recognition and leadership status across multiple technology categories, including Zero Trust Network Access (ZTNA), Endpoint Security, Security Services Edge (SSE), Firmware-Embedded Persistence, Automated Security Control Assessment (ASCA), and Zero Trust Platforms.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.