 |
| Source: Cyber Resilience Insights infographic for Asia Pacific and Japan. While the majority of organisations are focused on preventing attacks, the minority have a comprehensive platform for threat detection, and slightly over four in 10 successfully contained and recovered from a real or simulated attack. |
According to Dell, there’s a gap between what organisations believe they can recover from and what they can actually recover from. That gap has a cost, and like all unaddressed liabilities, it compounds over time.
This is what Dell Technologies terms resilience debt, the accumulation of operational risk created when recovery readiness does not keep pace with the growing complexity and sophistication of cyberthreats. The newly-expanded Dell Global Cyber Resilience Insights research further indicates this debt is widespread and accelerating.
On paper, global organisations often appear confident in their cyber resilience, with nearly 99% of survey participants reporting a formal cyber resilience strategy. However, the research findings reveal a more complicated reality. Despite this stated confidence, 74% of IT leaders in Asia-Pacific and Japan believe their executives are overestimating readiness. That mismatch isn’t an abstract philosophical disagreement – it’s a leading indicator of resilience debt, Dell said.
The problem is when leaders believe they are more prepared than they are, they stop asking the deeper operational questions:
• When was the last recovery test?
• Did the company validate our backups – or just assume they’re clean?
• Has the organisation tried restoring in a Zero-Trust or clean-room environment?
• Is it protecting the recovery path with the same rigour as the production path?
When these questions go unasked, recovery readiness decays instead of being refreshed, and resilience debt accumulates, Dell said. Based on global results, Dell observed several patterns that create resilience debt:
Testing frequency declines, but risk increases
Organisations that test recovery monthly or more achieve a 61% success rate. The longer organisations go without testing, the wider the resilience gap grows – quietly, predictably, and dangerously.
Backups age into “assumed trust”
Global respondents admit that attackers increasingly target backup systems – corrupting snapshots, manipulating catalogues, and exploiting configuration drift. Yet many organisations still treat backups as sacred and immutable, rather than as assets requiring testing and validation.
Documentation stays static while environments change
Playbooks age. Personnel turnover. Infrastructure evolves. But resilience plans often lag by months – sometimes years. Every change that isn’t reflected in the recovery strategy adds to resilience debt.
Prevention overshadows recovery preparedness
Nearly eight in 10 (78%) of global organisations invest more in preventing attacks than in preparing to recover from them. That imbalance leaves recovery underfunded, untested, and underprioritised – even as attackers shift upstream to compromise recovery paths directly. Prevention-only strategies don’t eliminate resilience debt; they accelerate it.
Resilience debt is more dangerous than security debt, Dell emphasised. Security debt (unpatched vulnerabilities, outdated controls) is widely recognised, but resilience debt remains hidden until the worst possible moment: when the organisation actually needs to recover. At that stage:
• It’s too late to test.
• Too late to update playbooks.
• Too late to discover corrupted backups.
• Too late to improvise new recovery workflows.
Resilience debt reveals itself suddenly – through extended downtime, missed recovery time objectives (RTOs) and recovery point objectives (RPOs), and recovery failures that catch leaders off guard, Dell pointed out. Dell’s global research shows that 55% of organisations did not recover as effectively as planned during their most recent incident or drill, highlighting the pervasive impact of resilience debt.
Dell said resilience debt is a tangible risk, but it’s not irreversible. The company has consistently observed one pattern: the organisations that treat recovery as a strategic capability – not an operational afterthought – dramatically outperform those that don’t. To reverse resilience debt, mature organisations are now:
• Building isolated cyber vaults to protect critical data from ransomware and insider compromise
• Using automated validation and AI/machine learning (ML)-driven clean restore techniques to ensure recovery points are usable
• Running routine recovery tests that simulate real-world adversarial conditions
• Treating resilience as a board-level initiative – not simply a technical workflow
• Balancing investments evenly between cyber prevention and cyber recovery
Organisations with mature resilience programmes not only recover effectively, but also operate with more confidence. They innovate more freely, embrace transformation more aggressively and trust their infrastructure because it has been validated. When resilience debt is addressed, cyber resilience becomes more than a safety measure; it becomes a competitive advantage, Dell concluded.
Explore
To explore the global research findings and identify where resilience debt may be impacting their organisation, visit the Cyber Resilience Insights page at https://www.dell.com/en-sg/lp/cyber-resilience-insights
No comments:
Post a Comment