Why do companies perish from cyberattacks while holding all the instructions in their hands?

Companies around the world often overestimate their ability to recover from cyberattacks. This is the conclusion reached by Dell researchers, who coined the term "resilience debt." The term describes the gap between how prepared organizations believe they are to recover and how they actually perform. According to the survey, this gap is much greater than companies themselves expect and directly increases risks during incidents.
"Resilience debt" builds up when nearly everyone focuses on attack prevention, while recovery processes go without regular checks and updates. Until the system crashes, the problem goes unnoticed. But in the midst of a crisis, it becomes clear that backups are outdated, instructions are broken, and the team is unable to quickly restore a functioning infrastructure. The resulting delays, data loss, and financial consequences lead to more serious forecasts.
Dell's research shows that this illusion of preparedness is widespread. While 99% of organizations formally have cyber resilience strategies, 63% of IT executives believe management overestimates their actual recovery capabilities. This is confirmed in practice: 57% of companies reported that during a recent incident or training exercise, recovery performed less effectively than planned.
The authors emphasize that resilience debt is more dangerous than typical technical debt in security. It accumulates quietly and is discovered only when it is too late to fix it immediately. Without constant auditing, recovery readiness gradually deteriorates, even if everything looks flawless on paper.
Dell offers three key explanations for this problem.
The first is infrequent recovery planning. The less frequently a company implements backup plans, the higher the chance of failure. Organizations that do this at least once a month achieve recovery success in 55% of cases. With less frequent audits, the rate drops to 35%. Meanwhile, backups that comply with the rules accumulate.
The second reason is excessive confidence in attack protection. 78% of organizations believe they can prevent most disasters and therefore invest less in recovery preparation. This leads to plans remaining untested and underfunded precisely when attackers begin to target recovery infrastructure.
The third is "perceived protection" for backups. Organizations treat backups as a guarantee of security in themselves and protect them less strongly than production systems. Meanwhile, attackers are increasingly targeting backups: corrupting snapshots, tampering with directories, and exploiting misconfigurations. As a result, what should save the business becomes another point of vulnerability.
Researchers note that cyber resilience is already becoming a competitive advantage. Companies that regularly test and practice recovery get back on their feet faster after an attack and are more confident in making changes because they trust their infrastructure not just in words, but in action. To reduce "resilience debt," Dell recommends five steps: conducting comprehensive recovery tests frequently, moving critical data into isolated cyber-storages, implementing automated testing and using clean recovery technologies powered by AI and machine learning, elevating resilience issues to the executive management level, and balancing investments between attack prevention and recovery.
Failure to do this, the authors warn, could result in the next major attack revealing that true preparedness was merely an illusion.
