Global Study

The State of Enterprise Cyber Crisis Readiness

Are incident response plans delivering business and operational resilience?

Get the report Key highlights for security leaders

Measuring the success of cyber incident response and crisis management

We asked 1,000 organizations across the US, UK, Germany, France, Italy, Spain, Australia, New Zealand, and Singapore about their readiness to respond to cyber threats. Have they integrated cyber incident response plans into their enterprise crisis management processes? Which challenges are preventing effective cyber crisis response? And are they putting their plans into action?

The State of Enterprise Cyber Crisis Readiness provides insights for organizations that want to improve confidence in their response to cyber-driven crises.

Get the report

The good news

96%

of responding organizations have a cyber crisis response plan

In the past 12 months

90%

of enterprise crisis teams were activated due to cyber incidents

Even so

71%

experienced at least one incident that stopped critical business functions

Only

10%

reported no serious blockers to effective cyber incident response

In today’s modern enterprise, operational resilience is the mainstay of effective cyber breach preparedness. It goes beyond just responding to incidents—it’s about ensuring the business can keep functioning when systems are under attack or go down entirely.
Jim Bowie CISO, Tampa General Hospital

What is blocking effective incident response?

Challenges range from communication gaps to outdated plans and beyond. Overcoming these challenges is vital for fast, coordinated, and efficient incident response.

The wrong approach can “drive people through an unrealistic escalation path that they can’t actually implement,” warns Courtney Guss, Semperis Director of Crisis Management.

See the data

Without ongoing engagement with experienced incident response professionals, teams often build their plans around assumptions rather than real-world threats and trends. That gap becomes painfully obvious during an actual incident.
Jeff Wichman Director of Incident Response, Semperis

Organizations are practicing—but are they prepared?

“The ability to respond swiftly and decisively [to cyber threats] is just as critical as prevention,” says Chris Inglis, former US National Cyber Director.

Tabletop exercises are indispensable tools in the fight against cyberattacks. By practicing response playbooks in realistic scenarios, organizations can fine-tune crisis planning. Yet our study finds that, despite regularly performing such exercises, teams often leave crucial stakeholders out of the picture.

Get the report

Cyber incidents don’t wait for organizations to be ready—they strike when you’re least prepared. In a crisis, you don’t rise to the occasion. You fall to your level of preparedness.
Marty Momdjian Ready1 GM, Semperis