A global study has highlighted what it calls an urgent need for unified cyber crisis management, as most organisations fall short when it matters most.
Semperis’ research, The State of Enterprise Cyber Crisis Readiness, highlights a ‘dangerous’ gap between perceived readiness and real-world response capabilities.
“Cyberattacks don’t check your calendar — they hit when you’re at your weakest,” said Marty Momdjian, Semperis, EVP, Ready1. “In moments of crisis, it’s not about rising to the occasion, but falling back on the strength of your preparation.”
Based on a global survey of 1,000 organisations in the US, UK, Germany, France, Italy, Spain, Singapore, Australia and New Zealand, the report reveals a sobering reality:
- 96%Â of companies globally say they have a cyber crisis response plan.
- Yet 71% experienced at least one high-impact cyber event that halted critical business functions last year.
- 36% suffered multiple high-impact events.
- 90% activated their enterprise crisis response plan at least once in the past year — some more than 25 times.
- Only 10% report no blockers during incident response.
In the UK specifically, the report highlights that nearly half (49%) of businesses had to activate their crisis response teams up to four times in the past year due to cyber incidents. A further 37% activated their crisis response team five or more times.
Despite frequent testing, most organisations are not battle-ready due to disjointed processes, poor coordination and tool sprawl. Surprisingly, staffing shortages ranked last on the list of blockers.
Top 5 blockers to effective cyber response:
- Cross-team communication gaps (48%)
- Out-of-date response plans (45%)
- Unclear roles and responsibilities (41%)
- Too many disparate tools (40%)
- Staffing shortages (ranked last globally at 39%)
Staffing shortages were only listed as the biggest blocker in Italy and New Zealand. In the US, incident responders ranked outdated response plans and cross-team communications gaps as the biggest blockers. In France and Germany, tool sprawl was the biggest blocker. Cross-team communications gaps was also the top blocker in the UK, Australia, Singapore and Spain.
IT/telecom industries experienced the most high-impact cyber events, followed by energy, travel/transportation, education and healthcare.
“In today’s cyber threat landscape, the ability to respond swiftly and decisively is just as critical as prevention,” said Chris Inglis, the first US National Cyber Director and Semperis Strategic Advisor. “Companies need a command centre for crisis management, ensuring organisations have the playbook, the training and the coordination needed to turn chaos into control.”
