Of the respondents, 63% said that they are not aware of, or don’t know about the Essential Eight framework.
Out of the 63% responding, 43%are working in C-suite or senior management roles, and
35%cite cybersecurity as their primary role.
Out of the 55% who are familiar with the term cyber resilience, 76% of respondents said their organisation has a cyber resilience policy, and 24% of IT decision-makers said their organisation didn’t have a cyber resilience policy, or they didn’t know if it had one.
Of the 82% of respondents whose specific role is cybersecurity that were aware of cyber resilience, 88% of this group said their organisation has a cyber resilience policy.
Out of 55% who are familiar with cyber resilience, 51% of respondents said less than 24 hours is defined as 'return to normal' in their cyber resilience plan/strategy.
Of the respondents, 74% said their organisation has not paid a ransom to recover data, 10% say they have paid a ransom.
The top three concerns implemented in most organisations are:
Cyber awareness and training
Cyber risk and threat management
Incident response and recovery plan