
By Matthew Sellers
A dazzling array of digital defences may give British firms confidence, but a new global survey shows that too many are still rebuilding their systems – and their reputations – after major cyberattacks. For insurers, the gulf between resilience and exposure is becoming an underwriting fault line.
A new Global Cyber Resilience Report by data-management specialist Cohesity has revealed a troubling truth: as cyberattacks become a daily feature of modern business life, the ability to recover from them is not keeping pace.
“These high-impact attacks are no longer isolated incidents,” the report noted. “Even the world’s most sophisticated enterprises are suffering crippling disruptions that ripple from IT to the boardroom – and beyond.”
Nearly half of respondents (47%) said they were completely confident in their firm’s resilience strategy – a confidence Cohesity calls “in sharp contrast to the significant material impacts many of these same organisations have sustained.”
For UK insurers already grappling with rising claim frequency and the cost of business-interruption extensions, such figures suggest that cyber risk remains chronically underestimated at the operational level.
The study found that while most companies back up sensitive data, they rarely do so in a unified way. Only 39% use a single platform to protect all workloads, and fewer than half follow the basic “3-2-1” backup rule.
Cohesity’s analysts describe the sector’s defences as “fragmented”, warning that inconsistent protection “compromises visibility, exposes data, and complicates response and recovery efforts.”
That fragmentation presents a challenge for underwriters. A single missing control in a global organisation’s network could transform a manageable breach into a systemic event, triggering claims across multiple policies.
The good news: detection tools are improving. Almost half of firms automatically identify attacks through their own systems.
The bad news: recovery remains inconsistent. Just half of organisations create isolated environments to restore data safely, while many rush to bring systems back online before full verification, leaving the door open for reinfection.
Cohesity warns that such haste is often fuelled by executive pressure to resume operations – a dynamic that insurers recognise as the breeding ground for repeat incidents and prolonged loss adjustment.
Across the five pillars of the NIST Cybersecurity Framework – Identify, Protect, Detect, Respond and Recover – spending remains skewed toward the first three.
“Detection and containment capabilities are improving,” the report concludes, “but gaps in coordinated response, clean recovery, and post-incident assurance persist.”
That misallocation is costing firms dearly. For insurers, it means the difference between a straightforward claim and a multimillion-pound exposure that drags through litigation and regulatory review.
Nearly all respondents view AI and automation as the next frontier in cyber defence. Tools powered by machine learning are credited with faster detection and better threat-hunting, and by 2026, more than half of organisations expect AI to augment human analysts. A further 37% believe AI will take on partial autonomy in detection and response.
But technology alone won’t solve structural weakness. Only 6% of organisations reached Cohesity’s “most mature” stage – where data protection is fully integrated, backup is immutable, and recovery is both isolated and verified.
For the UK insurance industry, the message is clear. Cyber cover is no longer just about preventing the breach; it’s about verifying the rebound.
Underwriters may soon demand documented proof of isolated, tamper-proof recovery environments and multi-factor administrative controls before binding large-limit policies.
Brokers, meanwhile, have an opportunity to position themselves as resilience advisers – helping clients close the gaps that might otherwise lead to coverage disputes. Some are already exploring parametric or resilience-linked covers, where payout is tied to recovery speed rather than loss valuation.
In its closing note, Cohesity reframes resilience as more than a security measure. “When disruption is virtually inevitable,” the report concludes, “resilience isn’t just protection; it’s performance.”
For insurers, that line could soon become both a sales pitch and a warning: in a world where every business is a digital business, those that recover fastest may not just survive — they may also be the only ones left insurable.
At a glance: key data points