Home »  Editorial Desk »  cohesity-global-research-finds-indian-organisations-with-cyber-resilience-gap-strong-on-defence-weak-on-recovery

Cohesity Global Research Finds Indian Organisations with Cyber Resilience Gap: Strong on Defence, Weak on Recovery

Almost half of the Companies have a cyber resilience strategy that requires improvement

 

INDIA – November 2025 – A new global study by Cohesity, a leader in AI-powered data security and resilience, shows that despite widespread adoption of cyber resilience strategies in India, about 50% of organisations have gaps that need addressing.

The ‘Risk-Ready or Risk-Exposed: The Cyber Resilience Divide’ report, which was polled from 3,200 IT and security decision-makers in eleven countries, reveals the reality of the resilience divide – highlighting that while cyber threats are escalating in both volume and complexity, many organisations remain ill-equipped to respond effectively. This disconnect is leading to measurable business impact—financially, operationally, and reputationally—amid misplaced confidence in their cyber resilience.

According to respondents, companies’ cyber resilience strategies are under mounting pressure amid a worsening threat environment. 61% of Indian respondents confirmed their organisation had experienced a cyberattack with material impact[1] in the past 12 months. Results indicate that data recovery remains a significant challenge in India, almost all (99%) of Indian respondents said it takes their organisations more than 24 hours to restore data from backups after a cyberattack, with 12% needing at least a week.

Ransom Payments Persist with Cybercriminals Cashing In

The business impact is undeniable. Over eight in ten Indian organisations (83%) paid a ransom after a cyberattack in the past year, while 32% have paid ransom(s) of US$1,000,000/ Rs. 8,87,00,000 or higher.

This underscores that resilience gaps directly translate into financial and reputational damage.

Resilience as Competitive Advantage

True resilience depends on the practices and capabilities that back them up. However, when assessed against real-world performance criteria, only 10% of organisations in India demonstrate maturity across five essential areas: data protection, data recovery, threat detection and investigation, application resilience, and data risk optimisation.

“Cyber resilience is critical. While many organisations express strong confidence in their cyber resilience[2] strategies and capabilities, the reality tells a different story — most have paid or would pay a ransom, suggesting that many overestimate their true level of resilience. The vast majority remain unprepared for what happens after the breach. Confidence runs high, but reality lags — most organisations have paid or would pay a ransom, and many are still unprepared for the aftermath of a breach,” said Mayank Mishra, regional director, sales, India & SAARC, Cohesity.

The Key Hurdles Teams Faced

Amongst the top challenges experienced during a cyberattack was the inability to communicate or coordinate internally when critical systems — such as email, collaboration tools, and ticketing platforms — were down. This was on par with challenges where security tools were evaded and backups were targeted. Both were cited by 49% of respondents in India. 47% stated that there was pressure from leadership to restore systems before the attack was remediated.

Two-thirds (66%) of Indian organisations admitted to gaps in cross-functional coordination — particularly between IT, security, legal, and business operations — during a cyberattack.

GenAI Adoption Accelerates Beyond Risk Tolerance

The study additionally highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. Eighty-five percent of Indian IT and security leaders said GenAI is advancing faster than their organisations can safely manage risks. Yet most also recognise its transformative potential to improve detection, response, and recovery.

“In India, the importance of cyber resilience cannot be overstated,” said Mayank. “Organisations can no longer rely on traditional disaster recovery approaches alone. The evolving threat landscape calls for a proactive strategy that focuses on resilience across five key areas: data protection, data recovery, threat detection and investigation, application resilience, and data risk posture optimisation. Equally important is the adoption of automated response and recovery solutions, which help minimise downtime, limit operational and financial impact, and enable businesses to bounce back swiftly and confidently when cyberattacks occur.”

See Cohesity’s five-step action plan for practical steps to strengthen cyber resilience.

About the Research 

Findings are based on a survey of 3,200 IT and security decision makers commissioned by Cohesity and conducted by Vanson Bourne in September 2025. Respondents represent organisations in the US, Brazil, UK, Germany, France, UAE, Australia, South Korea, Japan, India, and Singapore. The organisations had 1,000 or more employees and came from a range of public and private sectors. 

About Cohesity 

Cohesity protects, secures, and provides insights into the world’s data. As the leader in AI-powered data security, Cohesity helps organisations strengthen resilience, accelerate recovery, and reduce IT costs. With Zero Trust security and advanced AI/ML, Cohesity Data Cloud is trusted by customers in more than 140 countries, including 70% of the Global 500. Cohesity is also backed by industry leaders such as NVIDIA, Amazon, Google, IBM, Cisco, and HPE. 

Cohesity is certified as a Great Place to Work in multiple countries. Follow Cohesity on LinkedIn and visit www.cohesity.com to learn more.