The unrealistic expectations of UK CEOs in cyberattack recovery

According to research conducted by Cohesity in partnership with OnePoll, UK CEOs anticipate quick recovery from cyberattacks but lack clarity on decision-making roles, affecting rapid response and recovery.

UK CEOs appear to hold high expectations for cyberattack detection and recovery timelines, according to research conducted by Cohesity in partnership with OnePoll.

A majority of CEOs (67%) expect to be notified of a security breach within 30 minutes. In terms of recovery, over half (52%) expect basic business operations to resume within one day.

There are also potential implications for leadership accountability. More than 80% of CEOs indicate that the senior person responsible could face career consequences if they do not ensure a rapid recovery or effectively manage the longer-term impact of a cyberattack. Additionally, 20% associate responsibility for long-term business impact directly with the CEO role.

The research also highlights variation in expectations and decision-making during incident response. There is often no single agreed owner for key decisions in a cyberattack response situation, which can contribute to delays or uncertainty in coordination.

Expectations across response stages

Notification of an attack:

  • 26% expect notification within 5–15 minutes
  • 23% within 16–30 minutes
  • 19% in under five minutes

Overall, 67% expect notification within 30 minutes.

Resuming basic operations:

  • 14% expect within 1 hour
  • 38% within one day
  • 28% within a few days
  • 11% within a week

Returning to full operations:

  • 14% expect within one day
  • 30% within a few days
  • 21% within one week
  • 15% within a few weeks

Despite these expectations, real-world cyber incidents often take several months before full operational capability is restored.

Clarity of leadership roles

Responsibility for initial incident response varies across organisations. CEOs reported expecting initial communication or coordination from:

  • Security Advisory Board (25%)
  • CTO (21%)
  • CISO (21%)

In terms of decision-making authority during recovery, responsibility is also distributed:

  • Board as a whole (23%)
  • CTO (21%)
  • CEO (20%)
  • Security Advisory Board (14%)

AI risk and governance responsibilities

Responsibility for AI cybersecurity and governance is similarly spread across multiple executive roles. The CTO is most commonly identified as the lead for AI cybersecurity (41%), followed by the CISO (31%), CIO (29%), CSO (26%), and Chief AI Officer (22%).

Responsibility for AI policy management is also divided: CIOs are responsible in 30% of organisations, while CTOs are responsible for AI security in 41%. In some cases, the role responsible for restoring AI systems differs from the role overseeing their day-to-day governance.
