The unrealistic expectations of UK CEOs in cyberattack recovery

According to research conducted by Cohesity in partnership with OnePoll, UK CEOs anticipate quick recovery from cyberattacks but lack clarity on decision-making roles, affecting rapid response and recovery.

UK CEOs appear to hold high expectations for cyberattack detection and recovery timelines, according to research conducted by Cohesity in partnership with OnePoll.

A majority of CEOs (67%) expect to be notified of a security breach within 30 minutes. In terms of recovery, over half (52%) expect basic business operations to resume within one day.

There are also potential implications for leadership accountability. More than 80% of CEOs indicate that the senior person responsible could face career consequences if they do not ensure a rapid recovery or effectively manage the longer-term impact of a cyberattack. Additionally, 20% associate responsibility for long-term business impact directly with the CEO role.

The research also highlights variation in expectations and decision-making during incident response. There is often no single agreed owner for key decisions in a cyberattack response situation, which can contribute to delays or uncertainty in coordination.

Expectations across response stages

Notification of an attack:

  • 26% expect notification within 5–15 minutes
  • 23% within 16–30 minutes
  • 19% within under five minutes

Overall, 67% expect notification within 30 minutes

Resuming basic operations:

  • 14% expect within 1 hour
  • 38% within one day
  • 28% within a few days
  • 11% within a week

Returning to full operations:

  • 14% expect within one day
  • 30% within a few days
  • 21% within one week
  • 15% within a few weeks

Despite these expectations, real-world cyber incidents often take several months before full operational capability is restored.

Clarity of leadership roles

Responsibility for initial incident response varies across organisations. CEOs reported expecting initial communication or coordination from:

  • Security Advisory Board (25%)
  • CTO (21%)
  • CISO (21%)

In terms of decision-making authority during recovery, responsibility is also distributed:

  • Board as a whole (23%)
  • CTO (21%)
  • CEO (20%)
  • Security Advisory Board (14%)

AI risk and governance responsibilities

Responsibility for AI cybersecurity and governance is similarly spread across multiple executive roles. The CTO is most commonly identified as the lead for AI cybersecurity (41%), followed by the CISO (31%), CIO (29%), CSO (26%), and Chief AI Officer (22%).

For AI policy management, responsibility is also divided, with CIOs responsible in 30% of organisations, while CTOs are responsible for AI security in 41%. In some cases, the role responsible for restoring AI systems differs from the role overseeing their day-to-day governance.

Westcon-Comstor appoints Olya Scekaturova to lead sales growth across UK and Ireland.

Cynomi Report: What MSPs Are Actually Asking About AI in 2026

Posted 57 minutes ago by Sophie Milburn
Cynomi’s “What MSPs Are Actually Asking About AI” report reveals the real questions shaping the managed services landscape, from data security...

Cyber attacks surge in UK healthcare sector

Posted 18 hours ago by Sophie Milburn
SonicWall reports a rise in cyber attacks against the UK healthcare sector, with a focus on dated vulnerabilities and new technological risks.
As cyber threats escalate, SEP2's approach aims to offer a specialist partnership to strengthen organisations across regulated sectors with Check...

Tenable joins OpenAI in the battle against cyber threats

Posted 20 hours ago by Sophie Milburn
Tenable and OpenAI partner to harness AI in confronting evolving cyber threats and enhancing exposure management capabilities.

RETN secures top titles in LINX Reseller Awards

Posted 20 hours ago by Sophie Milburn
RETN named Top Reseller for European and North American Networks in LINX awards.
Cynomi has introduced new integrations, automated scanning capabilities, a centralised document repository, and enhanced AI features aimed at...
Apptio has introduced new features, including Conversational Insights, aimed at improving visibility into IT and cloud spending by combining cost,...