When organisations talk about cybersecurity, the focus is often on prevention — stopping attacks before they happen. But a recent research report suggests there’s a growing gap between how much organisations invest in preventing cyber attacks and how well they can recover when something does go wrong.
This gap has a name: resilience debt.
According to new research from Dell Technologies, many organisations believe they are prepared to recover from a cyber incident — but in practice, that confidence doesn’t always hold up.
What Is “Resilience Debt”?
Dell uses the term resilience debt to describe the difference between:
- How ready organisations think they are to recover from a cyber attack, and
- How effectively they can actually restore systems, data, and operations under real conditions
This mismatch can leave organisations more exposed than they realise, particularly as attackers increasingly target backup and recovery systems — not just production environments.
When recovery plans aren’t tested regularly, documentation falls behind real infrastructure changes, or backup systems aren’t monitored closely, recovery capability slowly erodes. The problem often isn’t visible until an incident occurs.
Why This Issue Is More Pronounced in Australia
The research suggests that Australian organisations may be feeling this gap more acutely than many of their global peers.
Dell found that 26% of Australian respondents said their organisation had a structured recovery plan but still struggled to contain or recover from a cyber incident. Globally, that figure was 19%.
Complexity appears to be a major contributing factor. Among Australian respondents, 58% said complex IT environments make it difficult to improve cyber resilience, compared with 54% globally. As environments grow more hybrid and distributed, recovery becomes harder to coordinate and validate.
Backup Systems: A Critical Weak Point
One of the most striking findings relates to backup and archival systems.
Dell reported that 44% of Australian respondents believe gaps in monitoring backup or archival data pose the greatest risk to their IT environment — significantly higher than the global figure of 30%.
Despite this, many organisations still rely on traditional backup approaches as their primary defence against ransomware. In Australia, 48% of respondents said they depend on traditional backups to protect critical data, compared with 36% globally.
The challenge is that attackers increasingly understand this dependency and actively target backup systems, knowing that successful disruption can turn a cyber incident into a prolonged outage.
Detection and Recovery Are Still Lagging
The research also highlights gaps in how organisations detect and respond to advanced threats.
Dell found that 8% of Australian organisations still rely on manual or signature-based detection methods — such as traditional SIEM — to identify novel attacks. While these tools have value, they are often slow to adapt to new techniques and may not detect modern, automated threats quickly enough.
At the same time, 76% of Australian organisations reported investing more in preventing attacks than in preparing to recover from them. Dell described this as a structural imbalance that leaves recovery capabilities underfunded and less frequently tested.
When Recovery Plans Don’t Work as Expected
Globally, Dell reported that 56% of organisations did not recover as effectively as planned during their most recent incident or recovery drill.
The company linked this to infrequent testing, outdated documentation, and recovery systems that sit outside routine monitoring. Over time, these gaps widen — particularly as infrastructure changes and threat techniques evolve.
Recovery readiness, Dell argues, is not something that stays strong on its own. Without regular validation, it naturally declines.
A Gap Between Executives and IT Teams
Another key finding relates to confidence at the leadership level.
Dell reported that 68% of Australian IT leaders believe their executives overestimate their organisation’s recovery readiness. This disconnect can weaken governance, as leaders may not demand evidence that recovery plans actually work under real-world conditions.
Dell positions this misalignment as an early indicator of resilience debt — confidence without verification.
What More Mature Organisations Are Doing Differently
According to Dell, organisations with stronger resilience treat recovery as a strategic discipline, not just a technical task.
These organisations tend to:
- Run regular recovery tests that reflect realistic, adversarial scenarios
- Validate backups and restore points rather than assuming they work
- Isolate critical recovery assets from production environments, sometimes using cyber vaults
- Use automation and advanced techniques to validate clean restores
The common theme is frequency, validation, and separation — reducing assumptions and increasing confidence through evidence.
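The practices above (validating backups rather than assuming they work, keeping the restore target separate from production, and automating the check so it runs on a schedule) can be turned into a small recovery drill. The following Python script is an added example written for this page; it is not code from Dell or CSB. It assumes a backup set is a directory of files plus a JSON manifest recording each file's SHA-256 and the time the backup was taken, and it assumes a 24-hour recovery point objective; the sample backup sets, file contents and clock value are all constructed inline so the script runs offline.

```python
"""Automated backup validation drill (added example, not Dell's or CSB's code).

Assumptions: a backup set is a directory of files plus manifest.json holding
each file's SHA-256 and the time the backup was taken (assumed format). All
sample data below is constructed so the example runs offline.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

MAX_BACKUP_AGE = timedelta(hours=24)  # assumed recovery point objective (RPO)


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_backup_set(backup_dir: Path, files: dict, taken_at: datetime) -> None:
    """Create a constructed backup set: the files plus a manifest of their hashes."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest = {"taken_at": taken_at.isoformat(), "files": {}}
    for name, content in files.items():
        target = backup_dir / name
        target.write_bytes(content)
        manifest["files"][name] = sha256_of(target)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest))


def validate_backup(backup_dir: Path, now: datetime) -> dict:
    """Check freshness and integrity of a backup set, then rehearse a restore
    into an isolated scratch directory and re-verify the restored copies."""
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    findings = {"stale": False, "missing": [], "corrupt": [], "restore_ok": False}

    # Freshness: a backup older than the RPO means data loss even if it restores cleanly.
    taken_at = datetime.fromisoformat(manifest["taken_at"])
    if now - taken_at > MAX_BACKUP_AGE:
        findings["stale"] = True

    # Integrity: every file listed in the manifest must exist and still match its hash.
    for name, expected in manifest["files"].items():
        source = backup_dir / name
        if not source.exists():
            findings["missing"].append(name)
        elif sha256_of(source) != expected:
            findings["corrupt"].append(name)

    # Restore rehearsal: only a set that passed integrity is worth restoring,
    # and it is restored into a throwaway directory, never over production.
    if not findings["missing"] and not findings["corrupt"]:
        restore_dir = Path(tempfile.mkdtemp(prefix="restore-drill-"))
        try:
            for name in manifest["files"]:
                shutil.copy2(backup_dir / name, restore_dir / name)
            findings["restore_ok"] = all(
                sha256_of(restore_dir / name) == digest
                for name, digest in manifest["files"].items()
            )
        finally:
            shutil.rmtree(restore_dir, ignore_errors=True)
    return findings


def run_demo() -> dict:
    """Build one healthy and one degraded backup set (constructed data) and validate both."""
    now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    try:
        files = {"db.sql": b"CREATE TABLE t(id INT);\n", "config.yml": b"mode: prod\n"}

        healthy = root / "healthy"
        write_backup_set(healthy, files, taken_at=now - timedelta(hours=2))

        degraded = root / "degraded"
        write_backup_set(degraded, files, taken_at=now - timedelta(days=9))
        # Simulate silent corruption after the manifest was written, and a lost file.
        (degraded / "db.sql").write_bytes(b"DROP TABLE t;\n")
        (degraded / "config.yml").unlink()

        return {"healthy": validate_backup(healthy, now), "degraded": validate_backup(degraded, now)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, json.dumps(result))
```

Run on a schedule, the drill turns "we have backups" into evidence: a stale, corrupt or non-restorable set shows up as a failed check long before an incident forces the question. The restore target is deliberately a temporary directory so the rehearsal cannot touch production, which is the separation the list above describes.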
A CSB Perspective
At CSB, we see resilience debt as a very real and growing challenge. Many organisations have invested heavily in security controls at the front door, but far less in ensuring they can recover quickly if that door is breached.
Cyber resilience isn’t just about stopping attacks — it’s about how quickly and confidently you can resume operations when prevention fails, as it inevitably will at some point.
Strong recovery capability requires the same discipline as prevention: visibility, testing, ownership, and regular review. Without that, resilience debt quietly accumulates — and only becomes visible when it’s too late.
