Three cyber incident types account for 95% of all IR cases. Organizations typically reserve third-party IR engagements for only the most disruptive and damaging incidents, so it’s telling that our cases are dominated by ransomware (44% of cases), business email compromise (27%), and intrusions (24%). While their combined contribution is quite consistent year over year, an increase in the intrusion proportion is largely offset by a decrease in ransomware’s share. Detailed analysis hints that this is no mere coincidence, with signs that many ransomware attacks were stopped prior to detonation — indicating that organizations are improving their detection capabilities.

Respond instantly to Identity threats with Okta Identity Threat Protection. Tap into signals from across your existing security stack and downstream SaaS apps to automate the detection and remediation of threats at every point of a user’s journey — including after authentication.

The security end goal for all organizations is cyber resilience. Effective prevention and detection measures remain a critical cornerstone of security strategies, but companies shouldn’t stop there. The evidence suggests that the likelihood of being affected by a security incident is almost inevitable. Many organizations fall victim repeatedly, particularly if they have not addressed the root cause of the first incident or the factors that allowed it to unfold.

What matters is how you prepare for, withstand, respond to, and recover from an incident. This is cyber resilience.