ANZ businesses face reality check on cyber recovery timelines

There is a significant gap between leaders' expectations for business recovery post-cyberattack and the reality of recovery timelines in Australia and New Zealand (ANZ), according to new research from Commvault, a leading provider of data protection and cyber resilience solutions for hybrid cloud organisations. The findings emphasise the need for improved cyber resilience strategies to protect against increasing cyber threats.

The ANZ State of Data Readiness Report 2024, commissioned by Commvault and conducted in partnership with Tech Research Asia (TRA), surveyed over 400 ANZ organisations and revealed that 75% of business leaders anticipate resuming operations within five days following a cyberattack. Meanwhile, IT professionals within these organisations report average recovery times spanning between five and eight weeks.

The findings underscore the vulnerability of the region to cyberattacks, with 62% of Australian and 68% of New Zealand companies experiencing at least one attack in the past year. As per Martin Creighan, Vice President for Asia Pacific at Commvault, the data emphasises "the critical gap between the expectation of rapid recovery and the harsh reality of extended downtimes. Organisations must prioritise strengthening their cyber resilience to safeguard against the increasing frequency and sophistication of cyber threats."

Beyond merely reacting to cyber threats, ANZ companies must increasingly shift their focus towards proactive cyber resilience strategies, including more robust incident response plans and investments in advanced technologies like AI and data immutability. Shockingly, only 4% of organisations believed their cyber resiliency capabilities were mature. Furthermore, approximately 50% of organisations were found to be lagging in their cyber resilience readiness.

The report cites rigorous testing of incident response plans and using advanced recovery solutions as key measures to shorten recovery times and improve cyber resilience. Presently, 69% of companies report having an incident response plan in place, with 62% of these companies testing their plan every six months. Despite this, 23% believe their plan is inadequate, and 56% believe improvements could be made.

For companies, effective testing of such plans can be a complex and costly endeavour. Besides high costs, the challenges include insufficient planning, complex testing procedures, and a lack of skilled cybersecurity professionals. Innovative practices such as utilising cleanrooms can help overcome these barriers. Creighan noted, "The latest cleanrooms are not only designed to orchestrate, on demand, recovery to a clean, isolated location in the cloud, but they can also be used to routinely and cost effectively test cyber recovery strategies in advance of an attack."

Despite the prevailing challenges, the research highlights the importance for ANZ organisations to bolster their cyber defences and encourages the adoption of modern practices such as cleanrooms and immutable data storage to expedite recovery timelines. As organisations throughout the region seek to improve their resilience against the rising threat of cyberattacks, these insights offer a roadmap to understanding and enhancing data readiness and cyber resilience,