Semperis has announced today the release of their study, The State of Enterprise Cyber Crisis Readiness, which highlights a dangerous gap between perceived readiness and real-world response capabilities.
“Cyberattacks don’t check your calendar — they hit when you’re at your weakest,” said Marty Momdjian, Semperis EVP, Ready1. “In moments of crisis, it’s not about rising to the occasion, but falling back on the strength of your preparation.”
Key Findings: The Crisis Within the Crisis
Based on a global survey of 1,000 organizations across the US, UK, Europe, Asia Pacific, and multiple industries, the report reveals a sobering reality:
- 96% of companies say they have a cyber crisis response plan
- Yet 71% experienced at least one high-impact cyber event that halted critical business functions last year
- 36% of organizations experienced multiple high-impact events — with rates even higher in Singapore (53%) and the US (52%).
- 90% activated their enterprise crisis response plan at least once in the past year — some more than 25 times
- Only 10% report no blockers during incident response
Despite frequent testing, most organizations are not battle-ready due to disjointed processes, poor coordination, and tool sprawl. Surprisingly, staffing shortages ranked last on the list of blockers.
Top 5 blockers to effective cyber response:
- Cross-team communication gaps
- Out-of-date response plans
- Unclear roles and responsibilities
- Too many disparate tools
- Staffing shortages
Staffing shortages were listed as the biggest blocker only in Italy and New Zealand. In the US, incident responders ranked outdated response plans and cross-team communications gaps as the biggest blockers. In France and Germany, tool sprawl was the biggest blocker. Cross-team communications gaps was also the top blocker in the UK, Australia, Singapore, and Spain.
IT/telecom industries experienced the most high-impact cyber events, followed by energy, travel/transportation, education, and healthcare.
“In today’s cyber threat landscape, the ability to respond swiftly and decisively is just as critical as prevention,” said Chris Inglis, the first US National Cyber Director and Semperis Strategic Advisor. “Companies need a command center for crisis management, ensuring organizations have the playbook, the training, and the coordination needed to turn chaos into control.”
To read the full report click here.
