Companies forced to make financial changes after a cyberattack
A new study from Cohesity finds 70 percent of publicly traded companies have reported adjusting earnings or financial guidance after a cyberattack.
Among the impacts 68 percent say they observed an impact on their stock price, while 73 percent of privately held firms redirected budgets from innovation and growth initiatives.
In addition 92 percent reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.
“These findings show that cyberattacks now touch every part of an organization, testing even the most well-prepared as aftershocks spread beyond technical recovery,” says Sanjay Poonen, chief executive officer and president at Cohesity. “When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”
The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true difference lies in how quickly organizations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident. Nearly half of surveyed leaders (47 percent) expressed complete confidence in their resilience strategies, even as costly attacks continue to produce measurable financial fallout.
The study also highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. 81 percent of IT and security leaders said GenAI is advancing faster than their organizations can safely manage risks. Yet most also recognize its broader transformative potential.
“Organizations are confronting the AI and security paradox,” adds Poonen. “On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance. The path forward begins with AI-ready data that is trusted, protected, and resilient. It forms the infrastructure cornerstone for responsible AI, enabling organizations to innovate confidently without increasing exposure.”
You can find Cohesity’s action plan for strengthening cyber resilience on the company’s site.
Image credit: Valeriya Ignatenko/Dreamstime.com