17 October 2024  —  James Slaby

A refreshed cyber resilience plan can help your business in three significant ways


Shoring up both your cyber defenses and recovery capabilities will improve your company’s posture with IT regulators, cybersecurity standards bodies and insurers.

Recent cybersecurity research has unwelcome news for businesses trying to manage their operational risk in a world where cybercriminals now wield artificial intelligence (AI) tools to sharpen their attacks:

  • 56.6% of organizations reported business disruption and revenue loss due to a cyberattack in 2023, according to Statista.
  • The average cost of a data breach swelled from $4.55 million per incident in 2023 to $5.53 million in 2024, according to IBM’s Cost of a Data Breach 2024 report.
  • 27.6% of all received emails were spam, and 1.5% contained malware or phishing links, according to the Acronis Cyberthreats Report, H1 2024.

Cybersecurity analysts routinely cite AI as a factor in these surging statistics. ChatGPT and similar AI tools make it easy for criminals to improve the effectiveness of phishing emails, scan applications for exploitable vulnerabilities and massively scale up the volume of their attacks.

Three distinct types of organizations — regulators, standards bodies and insurers — have taken notice of this trend and have responded in strikingly similar ways. All three are now reminding businesses to balance their cyber-defensive efforts with a corresponding emphasis on recovery technologies, processes and skills.

Acronis
White Paper
A 12-step cyber resilience plan for business: Integrate defense and recovery

Evolving cybercriminal tactics have led to evolving regulations and standards

The reasoning behind these parallel changes is simple: Even the most carefully conceived and implemented defense-in-depth strategy is going to fail at some point. Attackers always have first-mover advantage. Businesses inevitably are cast in the role of counterpunchers. The array of constantly evolving tactics, as well as the sheer volume of AI-enabled attacks, raises to a certainty the probability that one will eventually succeed.

This explains the renewed emphasis on recovery in compliance regulations, cybersecurity standards and cyber insurance requirements for would-be policy holders. If you are keeping up with new versions of regulations like the European Union’s (EU) NIS 2, following standards like the NIST CSF 2.0, or responding to an insurer questionnaire when applying for or renewing a cyber insurance policy, you have already seen these new recommendations and/or requirements.

Businesses can benefit from a plan to improve their cyber resilience

As with any complex endeavor, having a plan helps. To that end, Acronis has produced a complimentary white paper, “A 12-step cyber resilience plan for business.” This compact document outlines the key areas of focus for businesses that need to comply with the latest government and industry IT regulations, new versions of cybersecurity standards, and/or updated requirements to qualify for cyber insurance. The paper groups these 12 measures into three categories: defensive measures, skills and processes for IT and cybersecurity operations, and recovery measures. It also includes advice on specific initiatives that are newly recommended or required by all of these bodies, including EDR, disaster recovery and incident response planning.

Better cyber defense and recovery yield benefits for other types of incidents, too

Countering the growing threat of AI-enabled cyberattacks requires a balanced approach to cyber defense and recovery. Judicious investments in AI, automation and integration technologies can help optimize the costs, efficiency and accuracy of cyber defense and recovery operations. But technology by itself isn’t a panacea. Businesses must also: a) refine their processes on both ends of the defense/recovery spectrum, and b) add new skills across the organization, not just on their IT and cybersecurity teams. Part of the good news here is that investments in cyber defense and recovery will also reduce a business’s risk exposure to other common sources of data loss and downtime, like employee error, software flaws, IT hardware failures and climate disasters.


About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.