{"id":556,"date":"2026-06-22T07:00:40","date_gmt":"2026-06-21T21:00:40","guid":{"rendered":"https:\/\/qld.cybersafebusiness.au\/index.php\/2026\/06\/22\/why-many-organisations-are-struggling-to-recover-from-cyber-attacks-and-what-resilience-debt-rea\/"},"modified":"2026-06-22T07:00:40","modified_gmt":"2026-06-21T21:00:40","slug":"why-many-organisations-are-struggling-to-recover-from-cyber-attacks-and-what-resilience-debt-rea","status":"publish","type":"post","link":"https:\/\/qld.cybersafebusiness.au\/index.php\/2026\/06\/22\/why-many-organisations-are-struggling-to-recover-from-cyber-attacks-and-what-resilience-debt-rea\/","title":{"rendered":"Why Many Organisations Are Struggling to Recover from Cyber Attacks \u2014 and What \u201cResilience Debt\u201d Rea"},"content":{"rendered":"<p>When organisations talk about cybersecurity, the focus is often on prevention \u2014 stopping attacks before they happen. But a recent research report suggests there\u2019s a growing gap between how much organisations invest in preventing cyber attacks and how well they can recover when something does go wrong.<\/p>\n<p>This gap has a name: resilience debt.<\/p>\n<p>According to new research from Dell Technologies, many organisations believe they are prepared to recover from a cyber incident \u2014 but in practice, that confidence doesn\u2019t always hold up.<\/p>\n<h2>What Is \u201cResilience Debt\u201d?<\/h2>\n<p>Dell uses the term resilience debt to describe the difference between:<\/p>\n<ul>\n<li>How ready organisations think they are to recover from a cyber attack, and\n<\/li>\n<li>How effectively they can actually restore systems, data, and operations under real conditions\n<\/li>\n<\/ul>\n<p>This mismatch can leave organisations more exposed than they realise, particularly as attackers increasingly target backup and recovery systems \u2014 not just production environments.<\/p>\n<p>When recovery plans aren\u2019t tested regularly, documentation falls behind real infrastructure changes, or backup systems aren\u2019t monitored closely, recovery capability slowly erodes. The problem often isn\u2019t visible until an incident occurs.<\/p>\n<h2>Why This Issue Is More Pronounced in Australia<\/h2>\n<p>The research suggests that Australian organisations may be feeling this gap more acutely than many of their global peers.<\/p>\n<p>Dell found that 26% of Australian respondents said their organisation had a structured recovery plan but still struggled to contain or recover from a cyber incident. Globally, that figure was 19%.<\/p>\n<p>Complexity appears to be a major contributing factor. 58% of Australian respondents said complex IT environments make it difficult to improve cyber resilience, compared with 54% globally. As environments grow more hybrid and distributed, recovery becomes harder to coordinate and validate.<\/p>\n<h2>Backup Systems: A Critical Weak Point<\/h2>\n<p>One of the most striking findings relates to backup and archival systems.<\/p>\n<p>Dell reported that 44% of Australian respondents believe gaps in monitoring backup or archival data pose the greatest risk to their IT environment \u2014 significantly higher than the global figure of 30%.<\/p>\n<p>Despite this, many organisations still rely on traditional backup approaches as their primary defence against ransomware. In Australia, 48% of respondents said they depend on traditional backups to protect critical data, compared with 36% globally.<\/p>\n<p>The challenge is that attackers increasingly understand this dependency and actively target backup systems, knowing that successful disruption can turn a cyber incident into a prolonged outage.<\/p>\n<h2>Detection and Recovery Are Still Lagging<\/h2>\n<p>The research also highlights gaps in how organisations detect and respond to advanced threats.<\/p>\n<p>Dell found that 8% of Australian organisations still rely on manual or signature-based detection methods \u2014 such as traditional SIEM \u2014 to identify novel attacks. While these tools have value, they are often slow to adapt to new techniques and may not detect modern, automated threats quickly enough.<\/p>\n<p>At the same time, 76% of Australian organisations reported investing more in preventing attacks than in preparing to recover from them. Dell described this as a structural imbalance that leaves recovery capabilities underfunded and less frequently tested.<\/p>\n<h2>When Recovery Plans Don\u2019t Work as Expected<\/h2>\n<p>Globally, Dell reported that 56% of organisations did not recover as effectively as planned during their most recent incident or recovery drill.<\/p>\n<p>The company linked this to infrequent testing, outdated documentation, and recovery systems that sit outside routine monitoring. Over time, these gaps widen \u2014 particularly as infrastructure changes and threat techniques evolve.<\/p>\n<p>Recovery readiness, Dell argues, is not something that stays strong on its own. Without regular validation, it naturally declines.<\/p>\n<h2>A Gap Between Executives and IT Teams<\/h2>\n<p>Another key finding relates to confidence at the leadership level.<\/p>\n<p>Dell reported that 68% of Australian IT leaders believe their executives overestimate their organisation\u2019s recovery readiness. This disconnect can weaken governance, as leaders may not demand evidence that recovery plans actually work under real-world conditions.<\/p>\n<p>Dell positions this misalignment as an early indicator of resilience debt \u2014 confidence without verification.<\/p>\n<h2>What More Mature Organisations Are Doing Differently<\/h2>\n<p>According to Dell, organisations with stronger resilience treat recovery as a strategic discipline, not just a technical task.<\/p>\n<p>These organisations tend to:<\/p>\n<ul>\n<li>Run regular recovery tests that reflect realistic, adversarial scenarios\n<\/li>\n<li>Validate backups and restore points rather than assuming they work\n<\/li>\n<li>Isolate critical recovery assets from production environments, sometimes using cyber vaults\n<\/li>\n<li>Use automation and advanced techniques to validate clean restores\n<\/li>\n<\/ul>\n<p>The common theme is frequency, validation, and separation \u2014 reducing assumptions and increasing confidence through evidence.<\/p>\n<h2>A CSB Perspective<\/h2>\n<p>At CSB, we see resilience debt as a very real and growing challenge. Many organisations have invested heavily in security controls at the front door, but far less in ensuring they can recover quickly if that door is breached.<\/p>\n<p>Cyber resilience isn\u2019t just about stopping attacks \u2014 it\u2019s about how quickly and confidently you can resume operations when prevention fails, as it inevitably will at some point.<\/p>\n<p>Strong recovery capability requires the same discipline as prevention: visibility, testing, ownership, and regular review. Without that, resilience debt quietly accumulates \u2014 and only becomes visible when it\u2019s too late.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When organisations talk about cybersecurity, the focus is often on prevention \u2014 stopping attacks before they happen. But a recent research report suggests there\u2019s a growing gap between how much [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":555,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=556"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/556\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/555"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}