Cohesity Research Finds Cyberattacks Forcing Financial Course Corrections

SANTA CLARA, Calif.--(BUSINESS WIRE)--A new global study by Cohesity, a leader in AI-powered data security and resilience, shows the financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy.

.@Cohesity, a leader in AI-powered data security and resilience, released a new study that shows the financial ripple effects of cyberattacks now extend well beyond operational disruption.

Share

According to the report, “Risk-Ready or Risk-Exposed: The Cyber Resilience Divide,” nearly three-quarters of organizations (76%) have experienced at least one material cyberattack—defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact.

• 70% of publicly traded companies reported adjusting earnings or financial guidance after an attack.
• 68% said they observed an impact on their stock price.
• 73% of privately held firms redirected budgets from innovation and growth initiatives.
• 92% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.

“These findings show that cyberattacks now touch every part of an organization, testing even the most well-prepared as aftershocks spread beyond technical recovery,” said Sanjay Poonen, chief executive officer and president, Cohesity. “When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”

A New Financial Reality for Cyber Resilience

While only a small number of public companies have formally disclosed changes to earnings guidance following a cyber incident, the high percentages seen in this research indicate that respondents view material cyberattacks as producing broader financial strain and operational consequences than what public filings typically capture.

This disconnect between market perception and organizational reality is likely influenced by limited disclosure requirements, narrow investor definitions of materiality, and the underestimation of intangible losses such as brand trust, customer churn, supply chain impacts, and decreases in productivity.

The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true differentiator lies in how quickly organizations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident. Nearly half of surveyed leaders (47%) expressed complete confidence in their resilience¹ strategies, even as costly attacks continue to produce measurable financial fallout.

GenAI Adoption Accelerates Beyond Risk Tolerance

The study additionally highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. Eighty-one percent (81%) of IT and security leaders said GenAI is advancing faster than their organizations can safely manage risks. Yet most also recognize its transformative potential.

“Organizations are confronting the AI and security paradox,” said Poonen. “On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance. The path forward begins with AI-ready data that is trusted, protected, and resilient. It forms the infrastructure cornerstone for responsible AI, enabling organizations to innovate confidently without increasing exposure.”

Resilience as Competitive Advantage

Cohesity’s findings underscore that cyber resilience is fundamental to financial health, leadership, and customer confidence. The organizations that outperform competitors today and in the future are those that can recover faster, remove threats, and maintain stakeholder trust when the inevitable disruptions occur.

See Cohesity’s five-step action plan for practical steps to strengthen cyber resilience.

View this press release in the Cohesity newsroom.

¹Respondents were provided with the NIST definition of cyber resiliency at the start of the survey: “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.”

About the Research

Findings are based on a survey of 3,200 IT and security decision makers commissioned by Cohesity and conducted by Vanson Bourne in September 2025. Respondents represent organizations in the US, Brazil, UK, Germany, France, UAE, Australia, South Korea, Japan, India, and Singapore. The organizations had 1,000 or more employees and came from a range of public and private sectors.

About Cohesity

Cohesity protects, secures, and provides insights into the world’s data. As the leader in AI-powered data security, Cohesity helps organizations strengthen resilience, accelerate recovery, and reduce IT costs. With Zero Trust security and advanced AI/ML, Cohesity Data Cloud is trusted by customers in more than 140 countries, including 70% of the Global 500. Cohesity is also backed by industry leaders such as NVIDIA, Amazon, Google, IBM, Cisco, and HPE.

Cohesity is certified as a Great Place to Work in multiple countries. Follow Cohesity on LinkedIn and visit www.cohesity.com to learn more.