Shoring up both your cyber defenses and recovery capabilities will improve your company’s posture with IT regulators, cybersecurity standards bodies, and insurers.
Recent cybersecurity research reveals unwelcome news for businesses striving to manage their operational risk in a world where cybercriminals leverage artificial intelligence (AI) tools to sharpen their attacks:
- 56.6% of organizations reported business disruption and revenue loss due to a cyberattack in 2023, according to Statista.
- The average cost of a data breach swelled from $4.55 million per incident in 2023 to $5.53 million in 2024, as noted in IBM’s Cost of a Data Breach 2024 report.
- 27.6% of all received emails were spam, and 1.5% contained malware or phishing links, according to the Acronis Cyberthreats Report, H1 2024.
Cybersecurity analysts routinely cite AI as a factor driving these surging statistics. Tools like ChatGPT make it easier for criminals to craft more effective phishing emails, identify exploitable vulnerabilities, and scale their attacks to unprecedented levels.
Three distinct types of organizations—regulators, standards bodies, and insurers—have taken notice of this trend. All three now emphasize the importance of balancing cyber-defensive efforts with recovery technologies, processes, and skills.
Evolving Cybercriminal Tactics Demand Evolving Regulations and Standards
The reasoning behind this shift is simple: even the most carefully designed defense-in-depth strategies are bound to fail at some point. Attackers always have the first-mover advantage, while businesses inevitably play defense. The evolving tactics and sheer volume of AI-enabled attacks make it certain that some will succeed.
This reality underpins the renewed focus on recovery in compliance regulations, cybersecurity standards, and cyber insurance requirements. Organizations updating their strategies to align with regulations like the European Union’s (EU) NIS 2, following standards such as NIST CSF 2.0, or responding to insurer questionnaires for cyber insurance policies have already encountered these new recommendations and requirements.
How Businesses Can Benefit from a Cyber Resilience Plan
As with any complex challenge, having a plan makes all the difference. Businesses striving to meet new government and industry IT regulations, updated cybersecurity standards, and stricter cyber insurance requirements should focus on:
- Defensive Measures
- Skills and Processes for IT and Cybersecurity Operations
- Recovery Measures
Specific advice includes implementing newly recommended or required initiatives, such as Endpoint Detection and Response (EDR), disaster recovery, and incident response planning.
Better Cyber Defense and Recovery Deliver Broad Benefits
Countering the growing threat of AI-enabled cyberattacks requires a balanced approach to cyber defense and recovery. Investments in AI, automation, and integration technologies can optimize the cost, efficiency, and accuracy of cybersecurity operations. However, technology alone is not enough. Businesses must also:
- Refine processes across both the defensive and recovery spectrums.
- Build new skills across the organization – not just within IT and cybersecurity teams.
The good news is that investments in cyber defense and recovery reduce risks associated with other sources of data loss and downtime, such as employee error, software bugs, hardware failures, and climate-related disasters. By strengthening cyber resilience, businesses position themselves to navigate an increasingly complex threat landscape more effectively.
DIAMATIX is here to support your journey toward enhanced cyber resilience.
Source: Acronis