A study by Cohesity shows the financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy.
According to the report, “Risk-Ready or Risk-Exposed: The Cyber Resilience Divide,” nearly three-quarters of organizations (76%) have experienced at least one material cyberattack—defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact.
- 70% of publicly traded companies reported adjusting earnings or financial guidance after an attack.
- 68% said they observed an impact on their stock price.
- 73% of privately held firms redirected budgets from innovation and growth initiatives.
- 92% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.
“These findings show that cyberattacks now touch every part of an organization, testing even the most well-prepared as aftershocks spread beyond technical recovery,” said Sanjay Poonen, chief executive officer and president, Cohesity.
“When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”
A new financial reality for cyber resilience
While only a small number of public companies have formally disclosed changes to earnings guidance following a cyber incident, the high percentages seen in this research indicate that respondents view material cyberattacks as producing broader financial strain and operational consequences than what public filings typically capture.
This disconnect between market perception and organizational reality is likely influenced by limited disclosure requirements, narrow investor definitions of materiality, and the underestimation of intangible losses such as brand trust, customer churn, supply chain impacts, and decreases in productivity.
The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true differentiator lies in how quickly organizations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident. Nearly half of surveyed leaders (47%) expressed complete confidence in their resilience strategies, even as costly attacks continue to produce measurable financial fallout.
GenAI adoption accelerates beyond risk tolerance
The study additionally highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption.
Eighty-one percent (81%) of IT and security leaders said GenAI is advancing faster than their organizations can safely manage risks. Yet most also recognize its transformative potential.
“Organizations are confronting the AI and security paradox,” said Poonen. “On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance.
“The path forward begins with AI-ready data that is trusted, protected, and resilient. It forms the infrastructure cornerstone for responsible AI, enabling organizations to innovate confidently without increasing exposure.”
Resilience as competitive advantage
Cohesity’s findings underscore that cyber resilience is fundamental to financial health, leadership, and customer confidence. The organizations that outperform competitors today and in the future are those that can recover faster, remove threats, and maintain stakeholder trust when the inevitable disruptions occur.
