Cyber teams unready for major attack, Sygnia finds

Sygnia has published a survey finding that 73% of senior cyber security decision-makers do not believe their organisations are fully ready for a major cyber attack, even though 99% say they have formal incident response plans in place.

The report is based on a global survey of more than 600 senior cyber security decision-makers. It found that 76% of organisations had experienced at least one cyber attack in the previous 12 months, while 32% had suffered more than one.

The figures point to a gap between written plans and operational confidence. Respondents cited organisational friction, weak visibility across technology environments and a broader mix of threats as the main reasons they felt unprepared.

Coordination Strain

The survey found that 90% of respondents expect difficulties coordinating key stakeholders during an attack. Another 89% cited limited executive or board involvement in incident response readiness and decision-making, while 75% said legal and communications processes could slow decisions.

The pattern was more pronounced in some sectors. In private healthcare, 86% reported legal and communications challenges, reflecting the heavier regulatory and reputational pressures associated with cyber incidents.

The findings suggest many companies still struggle to turn cyber planning into a coordinated response across management teams. Written plans may exist, but responsibilities, escalation routes and decision rights are often not defined clearly enough to hold up under pressure.

"Incident response must be owned at the security, operational, and executive levels, with defined decision-making roles, pre-agreed escalation pathways, and regular board-level rehearsal," said Guy Segal, chief executive officer of Sygnia. "This report puts a spotlight on a troubling reality in that despite most organizations having an IR strategy in place, there is a clear lack of confidence in both the IR playbook itself as well as organizations' ability to execute in a high-pressure real-world scenario. With the rapid adoption of AI driving both innovation and a larger attack surface, there has never been a more critical time to revisit IR readiness."

Blind Spots

Visibility across systems emerged as another weak point. Nearly 78% of respondents said gaps across areas such as public cloud, software-as-a-service platforms and endpoints could delay the detection or investigation of malicious activity.

Public cloud was named as the biggest blind spot, with 90% raising it as a concern. A further 84% pointed to IT vulnerabilities as a possible route into operational technology and industrial control systems, highlighting concern about the links between office systems and industrial environments.

Those weaknesses carry direct business consequences. Among organisations hit by cyber attacks in the last year, 47% reported operational shutdowns, 41% reported data loss, 41% cited reputational damage and 40% said they had lost revenue.

Threat Mix

The survey found cyber attacks were reported across all sectors, but rates were highest in crypto and decentralised finance at 83%, followed by retail at 79% and manufacturing at 76%. Respondents identified ransomware as the leading concern at 46%, followed by cloud environment breaches at 44%.

Other threats were close behind. Email compromise and data theft were each cited by 37% of respondents, while 35% pointed to supply chain compromise, suggesting security teams are dealing with a broad spread of risks rather than a single dominant threat type.

Sygnia linked part of that expansion to the wider use of artificial intelligence, both as a business tool and as a target. The survey found that adoption of AI in security operations is increasing, but organisations are also having to consider the risks created by AI systems themselves, including misuse through manipulated models and deepfakes.

AI In Response

Almost a third of organisations now report extensive AI use across most or all threat detection and incident response activities, up from 25% a year earlier. By 2027, 63% of respondents expect to be using AI in this way.

Respondents with moderate or extensive AI use were more likely to rate core incident response elements such as documented plans, round-the-clock monitoring and digital forensics as effective. That suggests AI is being used most successfully when it is built into existing workflows rather than treated as a substitute for human decision-making.

At the same time, the adoption of AI cyber security tools is moving faster than efforts to address their security implications. That leaves organisations exposed to new attack routes if governance, oversight and lifecycle management do not keep pace with deployment.

The findings point to a familiar problem in cyber security: companies may have formal plans and growing investment in tools, but incidents still test whether teams can see enough, decide quickly enough and act together. "With AI widening the attack surface, reducing time from initial compromise to impact, and expanding breach exposure time, today's cyber threat landscape demands that organizations be in a continuous state of preparedness as attackers are innovating, scaling and finding new ways to infiltrate, disrupt and extort organizations of all sorts and at all times," said Segal. "However, strengthening detection and response capabilities alone won't resolve the visibility and coordination breakdowns we're seeing stall decision making and containment. Organisations should consider revisiting their approach on a regular basis, including both the use of AI in their cyber defense program and securing AI-driven technology and initiatives, to ensure they have a cross-functional, proactive team in place with visibility across IT/OT and cloud environments, and deep expertise in complex incidents."