A new global study by Cohesity shows the financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy.
According to the report, “Risk-Ready or Risk-Exposed: The Cyber Resilience Divide,” nearly three-quarters of organisations (76%) have experienced at least one material cyberattack—defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact.
- 70% of publicly traded companies reported adjusting earnings or financial guidance after an attack
- 68% said they observed an impact on their stock price
- 73% of privately held firms redirected budgets from innovation and growth initiatives
- 92% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions
Sanjay Poonen, chief executive officer and president, Cohesity, comments:
“These findings show that cyberattacks now touch every part of an organization, testing even the most well-prepared as aftershocks spread beyond technical recovery. When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”
A New Financial Reality for Cyber Resilience
While only a small number of public companies have formally disclosed changes to earnings guidance following a cyber incident, the high percentages seen in this research indicate that respondents view material cyberattacks as producing broader financial strain and operational consequences than what public filings typically capture.
This disconnect between market perception and organisational reality is likely influenced by limited disclosure requirements, narrow investor definitions of materiality, and the underestimation of intangible losses such as brand trust, customer churn, supply chain impacts, and decreases in productivity.
The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true differentiator lies in how quickly organisations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident.
GenAI Adoption Accelerates Beyond Risk Tolerance
The study additionally highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. Eighty-one percent (81%) of IT and security leaders said GenAI is advancing faster than their organizations can safely manage risks. Yet most also recognize its transformative potential.
Sanjay Poonen, Cohesity’s CEO continues:
“Organizations are confronting the AI and security paradox. On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance. The path forward begins with AI-ready data that is trusted, protected, and resilient. It forms the infrastructure cornerstone for responsible AI, enabling organizations to innovate confidently without increasing exposure.”
Resilience as Competitive Advantage
Cohesity’s findings underscore that cyber resilience is fundamental to financial health, leadership, and customer confidence. The organisations that outperform competitors today and in the future are those that can recover faster, remove threats, and maintain stakeholder trust when the inevitable disruptions occur.
