Average recovery costs from a cyberattack are climbing, yet enterprise resilience plans appear to be going backward. Prolonged downtime is now stripping millions from revenue lines, with operational stability taking a direct hit.
For years, the role of the Chief Information Security Officer (CISO) has focused on keeping intruders out. That role is changing. Security executives are moving away from pure prevention to focus on weathering the storm when, not if, disruptions happen.
A new report from Absolute Security, which surveyed 750 CISOs across the US and UK, flags a difficult transition. Nearly 20 percent of organisations faced disruptions lasting up to two weeks following a cyberattack. Meanwhile, the average incident cost has reached $2.5 million.
A race to recover
The business problem has moved from blocking a breach to restoring operations once defences fail. The National Institute of Standards and Technology (NIST) defines cyber resilience as the capacity to “anticipate, withstand, recover from, and adapt to adverse conditions.”
Despite this industry standard, speed remains a major hurdle. Not a single CISO surveyed could fully recover from a disruptive incident within 24 hours. Instead, 57 percent of enterprises need between three and six days to restore mobile and remote endpoints, while 19 percent face downtime stretching up to two weeks.
“There is simply no way to avoid the inevitable—at some point every organisation will face the reality of an attack or IT incident that takes down the business,” says Christy Wyatt, President and CEO of Absolute Security.
“Organisations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can literally crush a business.”
Counting the average cost of a cyberattack
The price of these delays is steep. 98 percent of CISOs report that recovering from a disruptive incident costs between $1 million and $5 million, with the average landing at $2.5 million.
These figures show the fragility of modern digital infrastructure. In the past year, 55 percent of CISOs saw their organisation hit by an attack or breach that rendered endpoint devices inoperable. This is not just about malicious actors; internal software failures are a growing worry, with 53 percent of respondents fearing a security software control failure could trigger major downtime in the coming year.
Data from the report points to a worrying trend: while resilience is necessary, adoption of these plans seems to be slipping.
Current figures show 65 percent of CISOs believe their organisation prioritises cyber resilience over traditional prevention. However, this is a sharp drop from the previous year, when 83 percent held this view. Likewise, organisations with a formal cyber resilience strategy fell from 90 percent to 68 percent year-over-year. This regression suggests that as threat complexity grows, confidence in resilience strategies may be waning.
The ‘zero breach’ trap
A gap remains between security teams and the boardroom regarding what is actually possible. 61 percent of CISOs note that their board and C-suite still expect security investments to guarantee “zero breaches”.
This unreasonable zero-failure expectation puts security leaders in a bind. As the role evolves from technical guardian to business continuity leader, the personal stakes are higher. Amid growing average costs to an enterprise, 59 percent of respondents agreed that a cyberattack causing major downtime could result in job loss, personal liability, or legal penalties for them.
“Our mandate has shifted from pure defense to absolute resilience,” writes Harold Rivas, CISO at Absolute Security. “We must now ensure that business operations can be defended, protected, and rapidly restored following disruptions from any source.”
When looking at the next 12-18 months, CISOs identify three main drivers of disruption:
- Ransomware: 57% see this as a primary threat.
- Supply chain: 56% anticipate incidents via third-party vendors.
- Insider threat: 55% view internal actors as a likely source of compromise.
Enterprise resilience currently looks more aspirational than operational. With recovery times from cyberattacks averaging nearly five days and average costs hitting the millions, the standard approach to business continuity is not keeping pace with the market.
For senior leadership, the fix involves realigning expectations. Acknowledging that breaches happen allows budget and planning to focus on rapid recovery capabilities rather than just perimeter defence.
Success in the coming year will likely be defined less by the attacks an enterprise avoids, and more by how efficiently it restores operations when the inevitable occurs.

