The financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy, according to research by data security specialist Cohesity.

According to the report, nearly three-quarters of organisations (76%) have experienced at least one material cyberattack, defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact. 70% of publicly traded companies reported adjusting earnings or financial guidance after an attack, while 68% said they observed an impact on their stock price.

The study also found that 73% of privately held firms redirected budgets from innovation and growth initiatives as a result of a cyberattack, while 92% reported experiencing legal, regulatory, or compliance consequences, including fines, legal action, or other enforcement.

Sanjay Poonen, chief executive officer and president at Cohesity, said: “These findings show that cyberattacks now touch every part of an organisation, testing even the most well-prepared as aftershocks spread beyond technical recovery. When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”

In another fast-evolving challenge, the study also revealed that as enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. Even though most recognise its transformative potential, 81% of IT and security leaders said GenAI is advancing faster than their organisations can safely manage risks.

Poonen added: “Organisations are confronting the AI and security paradox. On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance. The path forward begins with AI-ready data that is trusted, protected, and resilient. It forms the infrastructure cornerstone for responsible AI, enabling organisations to innovate confidently without increasing exposure.”

---