Red Sift report uncovers the global state of cyber resilience  

By Dr. Sean Costigan, Director of Cyber Policy for Red Sift

As our digital world grows increasingly interconnected and attack tactics and techniques grow both prevalent and more sophisticated, cyber resilience is a requirement for modern organizations. Yet achieving resilience remains elusive for most.

To help organizations achieve cyber resilience, Red Sift conducted a global survey of top executives across diverse industries to better understand the challenges and opportunities they face in safeguarding their digital assets. We released the survey findings today in a new in-depth report, the “State of Cyber Resilience 2023.” Results in the research report underscore the critical role that visibility, information sharing, risk management, emerging frameworks, and regulations play in ensuring organizations remain adaptive and resilient amid today’s rapidly evolving threat landscape.

Key takeaways from the Red Sift cyber resilience research report include: 

Evolving threat landscape

While many large corporations have invested significantly in cybersecurity, small and medium-sized enterprises (SMEs) often need more resources and capacity to onboard expertise to meet changing requirements for cybersecurity, not to mention defend against advanced threats. Findings in the report show that organizations of all sizes are skipping cybersecurity basics. For example, the results from our research suggest that over 40% of the organizations surveyed have yet to prepare written plans to communicate when an incident has occurred. 

Pursuing organizational readiness

Many organizations fall short on consistent, scheduled assessments of cyber risks and vulnerabilities. Periodic audits enable companies to identify and remediate gaps before incidents strike. However, the survey indicates risk assessments are still infrequent for a large portion of firms. More directly, most organizations, regardless of size, are skipping cybersecurity basics. The survey results indicate that a significant number of organizations still need to conduct periodic or consistent risk assessments, leaving them vulnerable to surprise.

Changing regulatory environment

Governments are becoming more proactive in issuing guidance and legislating cyber policies. The global cybersecurity landscape is witnessing considerable transformation through regulatory changes. These regulatory changes force organizations to prioritize data protection, privacy, and risk management. At present, this is having mixed results. In some cases, regulations may be misaligned between countries, creating challenges for multinational corporations even within regulatory blocs like the European Union (EU). The goal, however, is to improve confidence in markets and critical infrastructure by building cyber resilience into the fabric of organizations.

Expanding frameworks

Cybersecurity guidance and frameworks are undergoing dynamic changes to adapt to the evolving threat landscape and the increasing complexity of digital ecosystems. Governments and framework-developing bodies worldwide recognize the importance of a secure digital environment and are taking proactive steps to expand existing frameworks to enhance cyber resilience. As technology advances and organizations become more interconnected, widely adopted frameworks augment their scope to encompass a range of risks and challenges. 

Our research finds notable shifts in the integration of risk-based approaches, emphasizing the need to prioritize security measures based on the potential impact of threats, the need for transparency for stakeholders, and expanding the understanding of cyber as an enterprise-wide risk. As we detail in this report, the U.S., Europe, and industry groups have made significant strides in new frameworks for resilience.

Understanding the criticality of people in cybersecurity

Human factors play a pivotal role in cybersecurity, underscoring the critical interplay between technology and human behavior. Despite technological advancements, humans are both the weakest link and essential component in the security chain. Understanding cognitive biases, promoting critical cybersecurity awareness, and providing judgment-free training is key to mitigating human-related vulnerabilities. As cybersecurity threats evolve, recognizing and addressing the human element is essential for building resilient defense mechanisms that account for the complexities of human behavior within the digital landscape. The global shortage of cybersecurity professionals continues to be greater than three million people worldwide. More challenging still, organizations that suffer serious cybersecurity breaches often see significant numbers of hard-to-replace staff depart.

Considering the complexity and pace of change in modern technological environments and the scale of cybercrime, cyber resilience presents a moving target. 

To quote Red Sift CEO, Rahul Powar, “Proactive cybersecurity is the shield that guards your digital fortress before an adversary strikes. Resilience is what turns setbacks into stepping stones.”

Organizations can begin turning aspiration into action by increasing visibility into their attack surface and prioritizing the protection of their crown jewels while following research-backed recommendations, aligning with frameworks, and complying with regulations. 

You can download the full State of Cyber Resilience 2023 report here.

PUBLISHED BY

Sean Costigan

16 Nov. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Certificates

TLS certificates are changing: What you need to know

Red Sift

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more
DKIM

The hidden threat: How misconfigured DKIM enables replay attacks

Red Sift

Email authentication isn’t just an IT concern. It protects your brand and customers. A single misstep can let attackers spoof your domain, send phishing emails, and destroy customer trust. One of the most dangerous methods? The DKIM replay attack. In this post, we’ll break down how undersigned DKIM keys and related misconfigurations open your…

Read more
BIMI

Why DMARC and BIMI are a business priority

Jack Lilley

Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.…

Read more
ASM

Zoom stops zooming: Why active monitoring is essential

Billy McDiarmid

​On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…

Read more