Cyberattacks Remain a Perennial Threat for Organizations

By Greg Tavarez

The foremost concern facing organizations across all sectors is the persistence of cyberattacks and other threats that jeopardize their operational continuity. Among these threats, ransomware is at the front of the pack, with its impact escalating as cybercriminals continue to amass substantial ransom payments.

That said, ransomware is one facet of the multifaceted threat landscape. Organizations grapple with a diverse array of risks emanating from external and internal sources that span from deliberate human actions to naturally occurring vulnerabilities. Adding to this complex panorama is the impending specter of AI wars, a threat on the horizon that looms ever closer.

 These challenges raised questions – questions from InformationWeek, a business technology resource: “how well-prepared are modern companies to confront these threats? Are their cybersecurity champions experiencing burnout in the face of relentless challenges, or are they rising to the occasion with unwavering enthusiasm?” The questions are what prompted InformationWeek to conduct a study, and the findings were appalling.

“Our survey asked respondents what types of events, including cyberattacks, caused major disruptions to their IT systems. They told us that increasing attacks by malicious actors are making it more difficult for organizations to maintain IT operations after an incident; but it’s much more complicated than that,” said Sara Peters, editor-in-chief of InformationWeek. “Many of the decisions that CIOs and CISOs have to make during a crisis aren’t about technology; they’re about business and risk.”

With all the talk surrounding cybersecurity, most would expect cyber risk mitigation investments to be high, right?

Well, that was not the case as cyber risk mitigation investments are not the bulk of budget allocations for most companies. Almost 40% of respondents allocate less than 10% of their annual IT budget to cybersecurity, one-third dedicate between 10% and 24% of their budget to cybersecurity, and 16% spend between 25% and 49% of their budget on protecting their company from cyberthreats.

This allocation of budget for cybersecurity is a cause for concern because it reflects a potential mismatch between the level of cyber risk and the resources dedicated to mitigating it. Allocating a relatively small portion of the IT budget to cybersecurity suggests that many companies may not be adequately prioritizing or investing in measures to protect themselves from pervasive and increasingly sophisticated threats.

Looking deeper into the budget allocations, the study found that the cybersecurity investment is typically split between defense at 70%, such as technologies and talent expenditures, and rebound at 30%, like business continuity, disaster recovery, data backups, cyber insurance and ransom money.

Rebound is the key here because a strong defense strategy may not be enough to hold the attackers back. A company must rely on the strength of its rebound plan. The best way to gauge the incident response effectiveness is to test it, yet nearly one quarter of companies surveyed have never conducted tests or are unsure if their teams have tested with tabletop exercises or other measures.

Backups top the list of tools and procedures used by respondents, yet half of respondents report they include misconfigurations in their cyber resilience plans, and 43% include planning for severe weather events.

Additionally, nearly half of companies reported carrying cyber liability insurance either as a standalone policy or as a rider on a larger business insurance policy. Of those with cyber insurance, 84% believe the protection is worth the expense.

Cyber insurance provides benefits, such as financial protection in the event of a cyberattack, coverage for legal and regulatory expenses and assistance with the costs of recovering from a breach. For some organizations, especially those with limited cybersecurity resources, yes, it is a valuable safety net.

“Cyber resilience and cyber incident response plans are expanding to include supply chain breakdowns, cloud computing outages, geopolitical events, AI-related threats, death, climate change and more,” said Peters. “Many technologies are implemented to maintain resilience, and solid backups remain the number one answer.”

The state of cybersecurity is still in the realm of underdog status given the continuous and rapid rise of new and ever more sophisticated attacks. However, cybersecurity is far from being a hopeless endeavor. Against the odds, 61% of those surveyed reported high satisfaction among their cybersecurity teams, despite the scarcity of resources.

“The challenges seem insurmountable sometimes, and the fact that our readers approach cyber resilience so bravely is impressive,” said Peters.




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More

Why the Fastest-Growing MSPs Are Saying "No" More Often

By: Special Guest    6/30/2026

The fastest-growing MSPs in the U.S. are boosting margins, reducing cyber risk, and scaling more sustainably by adopting stricter customer qualificati…

Read More

The AI ROI Problem Was Never About the Model; It's About Integration

By: Erik Linask    6/24/2026

Xurrent's new built-in iPaaS is designed to help AI agents move from recommendation to execution by connecting ITSM workflows directly to systems like…

Read More