The increasing sophistication of cyber threats makes it difficult for business leaders to understand the exact impact of these attacks. Companies are investing large amounts of money to protect their assets. They are creating new jobs in their global workforce for cyber protection and adding technology services.
Despite spending billions of dollars, corporate data breaches continue to expose organizational vulnerabilities. Experts believe that the problem does not originate from a lack of awareness. Rather, it comes from a lack of understanding of what an organization should look like when it is truly ready to protect itself against future cyberattacks.
In a recent episode of the Analytics Insight Podcast, host Priya Dialani discusses this critical issue with James Hadley, Founder and Chief Innovation Officer at Immersive. They discuss why so many enterprises remain vulnerable to attacks, despite significant cybersecurity budgets.
Priya begins the discussion by addressing a common concern across industries: cybersecurity spending is rising, yet organizations struggle during actual incidents. James agrees that awareness is now universal. “There isn’t an enterprise or even a medium-sized business in the world now that doesn’t realize that cyber is a continuous and persistent threat to their operations,” he says.
The issue, he explains, lies in how preparedness is measured. Cyber incidents are rarely isolated technical problems. “Cyber is not different from business; in the event of a cyber incident that stems into a business crisis, which fundamentally impacts top line and bottom line for these companies, as well as reputation,” the CEO of Immersive notes.
According to James, most cyber budgets are still directed toward defensive controls. “What we often see is cyber budgets being spent on adding more technical controls,” he explains, referring to tools like firewalls and antivirus software. While these investments are tangible and easy to justify, they don’t prove real-world readiness.
“What’s really hard to prove,” James Hadley adds, “is that everything we’ve invested in means that we are able to identify, detect, and recover from cyberattacks quickly.” This gap becomes critical when organizations assume breaches are inevitable but fail to rigorously test their response and recovery capabilities.
Immersive's research has identified one of the biggest blind spots for organizations: siloed preparation. “The majority of cyber incidents that are rehearsed, only 41% of those included non-technical leaders,” Hadley reveals. Yet when a breach escalates into a crisis, teams like legal, HR, and communications are essential.
When organizations do not rehearse together as one team, they lack the “muscle memory,” according to James. This leads to more impactful incidents, slower recovery, and a very quick erosion of confidence. The true measure of cyber resilience is ongoing, organization-wide readiness rather than simply higher expenditures.