Cyberattacks Are Now Reshaping Corporate Finance, Not Just IT — Cohesity’s New Study Reveals a Global Reckoning

A new global study from Cohesity reveals a stark new reality for enterprise leaders: cyberattacks have evolved from isolated IT crises into full-blown financial events that ripple through earnings reports, board strategies, and market valuations.

According to Risk-Ready or Risk-Exposed: The Cyber Resilience Divide, 76% of organizations worldwide have experienced at least one “material” cyberattack — incidents that inflict measurable financial, reputational, or customer losses. And the economic aftermath isn’t confined to IT recovery: 70% of publicly traded firms adjusted earnings or guidance, while nearly three-quarters of private companies redirected growth budgets to fund recovery and remediation.

“These findings show that cyberattacks now touch every part of an organization, testing even the most well-prepared as aftershocks spread beyond technical recovery,” said Sanjay Poonen, CEO and president of Cohesity. “When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”

From Cyber Event to Market Event

The survey suggests that financial reporting frameworks have not kept pace with the growing materiality of cyber incidents. While few public companies formally disclose adjustments tied to breaches, Cohesity’s data reveals that the underlying financial strain is much broader than what investors see.

Experts say this reflects a widening disclosure gap — a result of limited regulatory guidance, narrow definitions of materiality, and the inability to quantify losses in brand equity, customer retention, and operational momentum.

Even so, nearly half of respondents claimed “complete confidence” in their cyber resilience strategies, highlighting a possible disconnect between executive optimism and the ground truth of mounting financial exposure.

AI Acceleration and the New Risk Paradox

The report also points to a brewing dilemma in the age of generative AI. While most leaders recognize AI’s transformative potential, 81% of IT and security executives say GenAI adoption is outpacing their organization’s ability to manage associated risks.

“Organizations are confronting the AI and security paradox,” said Poonen. “On one hand, AI will transform virtually every aspect of business operations. On the other, this research shows that most IT leaders fear adoption is outpacing their risk tolerance. The path forward begins with AI-ready data that is trusted, protected, and resilient.”

That shift underscores a broader market theme emerging across the enterprise security landscape — that data resilience and responsible AI governance are becoming the foundation for digital trust.

Resilience as Strategy, Not Slogan

Cohesity’s findings make clear that resilience is no longer an afterthought in cybersecurity — it’s a measure of business viability. As financial and regulatory consequences escalate, recovery speed, data integrity, and transparency are shaping up to be the true differentiators of tomorrow’s market leaders.

The study concludes that organizations able to anticipate, withstand, recover from, and adapt to cyber disruption — as defined by NIST — will ultimately define the next era of competitive advantage.

For enterprises, the message is blunt: the cost of cyber insecurity isn’t just downtime. It’s investor confidence, innovation budgets, and long-term growth potential.