Protect and secure your data from cyber attacks
Data Protection
Data Security
Data Insights
The 5 Steps to Cyber Resilience
Cloud & SaaS
Enterprise
Industries
New WEF report validates Cohesity’s research that cyber resilience is vital for reducing business risk and advancing society.
As global leaders meet this week at the World Economic Forum (WEF)'s annual meeting in Davos, Switzerland, it’s not surprising that AI and geopolitics are making headlines. It’s encouraging that another key issue is taking center stage—cyber resilience. In its annual Global Cybersecurity Outlook 2026 report, WEF calls cyber resilience “an economic and societal imperative," stressing that organizations that fail to build true resilience may not simply experience disruption but also struggle to remain viable. As part of an organization on the frontlines helping thousands of organizations become more cyber resilient, I couldn’t agree more.
Cyber resilience goes beyond just recovering data impacted by cyberattacks. It’s also about rebounding quickly from business and technology disruptions. The recent costly cloud and cellular network outages highlight that strengthening a company's resilience posture requires a broad outlook. While resilience was often seen as an operational consideration, something for IT to manage quietly in the background, today it is unmistakably a board-level and even a societal level concern.
Why? Based on our own research, we know that companies have suffered significant material damage from cyberattacks, including lost revenue, prolonged downtime, reputational harm, and regulatory consequences. According to our recent research report, “Risk-ready or risk-exposed: The cyber resilience divide,” we found that almost three-quarters of companies have suffered at least one material impact from a cyberattack, causing measurable financial, reputational, operational, or customer churn impacts. In addition, 92% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.
But cyber resilience is not just about maintaining technology and reducing business disruption. It’s also about supporting vital critical infrastructure services, such as healthcare, finance, emergency services, and transportation, that our society depends on daily. The urgency for everyone who is part of the value chain helping to deliver these services to act now is real.
No technology is shaping the risk landscape faster than AI. The WEF report notes that nearly every surveyed organization sees AI both as a major driver of transformation and as one of the fastest-growing sources of cyber risk. While AI has potential to accelerate attacks, automate reconnaissance, and amplify misinformation, it can also play a critical role in strengthening resilience.
AI has the potential to automate complex tasks like testing recovery plans, identifying misconfigurations, and evaluating data integrity at scale. For organizations with limited expertise, AI may be the key to deploying mature resilience practices that previously required highly specialized knowledge. Companies will have to not only establish cyber-resilient measures, but also prove, when the time comes, that they can effectively respond to and recover from incidents.
One challenge? There isn’t a single, uniform global standard for cyber resilience. Standards and regulation, for better or worse, are effective in driving action. The European Commission recently proposed a new cybersecurity package to “further strengthen the EU’s cybersecurity resilience and capabilities.” Yet a uniform, regulated standard may not be the answer. The risk in every industry and every geography is different because every business has different crown jewels, different threats, and different ways of operating.
Yet, based on Cohesity’s work with thousands of organizations around the world, creating a cyber-resilient organization has commonalities. Companies should protect all data. And, in the event of an incident, ensure that their critical data is always recoverable, honing skills through practiced recoveries, and constantly optimizing the business's data risk posture. In addition, development and operations teams should design resilient applications, and IT and security teams should remain diligent in detecting and investigating threats, using any lessons learned to feed improvements back into the cycle. To learn more, see Cohesity’s five-step, practical action plan to strengthen resilience.
The WEF report shows that more organizations are taking the issue seriously: 83% of organizations meet or exceed their minimum cyber resilience requirements, up from 76% in 2024. Much of this evolution is likely learned the hard way. Yet the numbers also highlight an important truth: Everyone invests significantly after a bad thing happens; no one spends more money on security than a company after they've been breached.
Leaders know they have work to do. They are increasingly aware of the gaps, their vulnerabilities, and the consequences of delayed action. They know that becoming "fully resilient" is not possible, but part of the journey. It’s time to rethink their cyber risk, revisit their assumptions, and recognize that resilience is not solely a technical function—it's a cultural commitment. If resilience is not yet on your organization's strategic agenda, put it there. If it’s already there, double down. Above all, embrace resilience as a journey, one which could define whether your company faces outages in the future or minimizes disruption to pass the competition. Pick a methodology and framework that works for you, implement it, operate it, and approach it with a mindset of continuous improvement.
Written By
Rob Sadowski
VP, Product Marketing
