Red Sift report uncovers the global state of cyber resilience  

By Dr. Sean Costigan, Director of Cyber Policy for Red Sift

As our digital world grows increasingly interconnected and attack tactics and techniques grow both prevalent and more sophisticated, cyber resilience is a requirement for modern organizations. Yet achieving resilience remains elusive for most.

To help organizations achieve cyber resilience, Red Sift conducted a global survey of top executives across diverse industries to better understand the challenges and opportunities they face in safeguarding their digital assets. We released the survey findings today in a new in-depth report, the “State of Cyber Resilience 2023.” Results in the research report underscore the critical role that visibility, information sharing, risk management, emerging frameworks, and regulations play in ensuring organizations remain adaptive and resilient amid today’s rapidly evolving threat landscape.

Key takeaways from the Red Sift cyber resilience research report include: 

Evolving threat landscape

While many large corporations have invested significantly in cybersecurity, small and medium-sized enterprises (SMEs) often need more resources and capacity to onboard expertise to meet changing requirements for cybersecurity, not to mention defend against advanced threats. Findings in the report show that organizations of all sizes are skipping cybersecurity basics. For example, the results from our research suggest that over 40% of the organizations surveyed have yet to prepare written plans to communicate when an incident has occurred. 

Pursuing organizational readiness

Many organizations fall short on consistent, scheduled assessments of cyber risks and vulnerabilities. Periodic audits enable companies to identify and remediate gaps before incidents strike. However, the survey indicates risk assessments are still infrequent for a large portion of firms. More directly, most organizations, regardless of size, are skipping cybersecurity basics. The survey results indicate that a significant number of organizations still need to conduct periodic or consistent risk assessments, leaving them vulnerable to surprise.

Changing regulatory environment

Governments are becoming more proactive in issuing guidance and legislating cyber policies. The global cybersecurity landscape is witnessing considerable transformation through regulatory changes. These regulatory changes force organizations to prioritize data protection, privacy, and risk management. At present, this is having mixed results. In some cases, regulations may be misaligned between countries, creating challenges for multinational corporations even within regulatory blocs like the European Union (EU). The goal, however, is to improve confidence in markets and critical infrastructure by building cyber resilience into the fabric of organizations.

Expanding frameworks

Cybersecurity guidance and frameworks are undergoing dynamic changes to adapt to the evolving threat landscape and the increasing complexity of digital ecosystems. Governments and framework-developing bodies worldwide recognize the importance of a secure digital environment and are taking proactive steps to expand existing frameworks to enhance cyber resilience. As technology advances and organizations become more interconnected, widely adopted frameworks augment their scope to encompass a range of risks and challenges. 

Our research finds notable shifts in the integration of risk-based approaches, emphasizing the need to prioritize security measures based on the potential impact of threats, the need for transparency for stakeholders, and expanding the understanding of cyber as an enterprise-wide risk. As we detail in this report, the U.S., Europe, and industry groups have made significant strides in new frameworks for resilience.

Understanding the criticality of people in cybersecurity

Human factors play a pivotal role in cybersecurity, underscoring the critical interplay between technology and human behavior. Despite technological advancements, humans are both the weakest link and essential component in the security chain. Understanding cognitive biases, promoting critical cybersecurity awareness, and providing judgment-free training is key to mitigating human-related vulnerabilities. As cybersecurity threats evolve, recognizing and addressing the human element is essential for building resilient defense mechanisms that account for the complexities of human behavior within the digital landscape. The global shortage of cybersecurity professionals continues to be greater than three million people worldwide. More challenging still, organizations that suffer serious cybersecurity breaches often see significant numbers of hard-to-replace staff depart.

Considering the complexity and pace of change in modern technological environments and the scale of cybercrime, cyber resilience presents a moving target. 

To quote Red Sift CEO, Rahul Powar, “Proactive cybersecurity is the shield that guards your digital fortress before an adversary strikes. Resilience is what turns setbacks into stepping stones.”

Organizations can begin turning aspiration into action by increasing visibility into their attack surface and prioritizing the protection of their crown jewels while following research-backed recommendations, aligning with frameworks, and complying with regulations. 

You can download the full State of Cyber Resilience 2023 report here.

PUBLISHED BY

Sean Costigan

16 Nov. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

From concept to market leader: Reflecting on the development of Red Sift…

Rahul Powar

Following Red Sift OnDMARC being featured in 18 reports in G2’s Spring 2025 Report, CEO Rahul Powar shares his thoughts on the innovation behind the product—and what’s driving its continued momentum in the fight against phishing and Business Email Compromise (BEC). When I founded Red Sift, my goal was to make proactive cybersecurity accessible…

Read more
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more