A survey of more than 600 cyber security decision-makers has revealed that almost three-quarters of CISOs believe their organisation would not be completely ready to respond to a cyber attack if it happened tomorrow.
According to cyber security firm Sygnia’s 2026 CISO Survey: The State of Incident Response Readiness, despite 76 per cent of organisations polled reporting at least some form of cyber attack in the last year, 73 per cent of senior cyber security leaders said they were not ready to respond under the pressure of a real incident.
“Incident response must be owned at the security, operational, and executive levels, with defined decision-making roles, pre-agreed escalation pathways, and regular board-level rehearsal,” Guy Segal, CEO of Sygnia, said in a statement.
“This report puts a spotlight on a troubling reality in that despite most organisations having an IR strategy in place, there is a clear lack of confidence in both the IR playbook itself as well as organisations’ ability to execute in a high-pressure real-world scenario. With the rapid adoption of AI driving both innovation and a larger attack surface, there has never been a more critical time to revisit IR readiness.”
Nearly all companies surveyed – 99 per cent – have an incident response plan in place, but three challenges stand in the way of successful implementation: organisational friction, cross-environment visibility, and an ever-expanding threat surface due to AI adoption.
Coordinating stakeholders is a challenge for 90 per cent of respondents, as is engaging the board in readiness incident response readiness and decision-making. 75 per cent also reported that communications and legal considerations were slowing down the decision-making processes.
78 per cent reported potential blind spots that could get in the way of responding to incidents. Public cloud environments are the most commonly problematic, reported by 90 per cent of those polled.
“With AI widening the attack surface, reducing time from initial compromise to impact, and expanding breach exposure time, today’s cyber threat landscape demands that organisations be in a continuous state of preparedness as attackers are innovating, scaling and finding new ways to infiltrate, disrupt and extort organisations of all sorts and at all times,” Segal said.
“However, strengthening detection and response capabilities alone won’t resolve the visibility and coordination breakdowns we’re seeing stall decision making and containment. Organisations should consider revisiting their approach on a regular basis, including both the use of AI in their cyber defence program and securing AI-driven technology and initiatives, to ensure they have a cross-functional, proactive team in place with visibility across IT/OT and cloud environments, and deep expertise in complex incidents.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.