UK CEOs appear to hold high expectations for cyberattack detection and recovery timelines, according to research conducted by Cohesity in partnership with OnePoll.
A majority of CEOs (67%) expect to be notified of a security breach within 30 minutes. In terms of recovery, over half (52%) expect basic business operations to resume within one day.
There are also potential implications for leadership accountability. More than 80% of CEOs indicate that the senior person responsible could face career consequences if they do not ensure a rapid recovery or effectively manage the longer-term impact of a cyberattack. Additionally, 20% associate responsibility for long-term business impact directly with the CEO role.
The research also highlights variation in expectations and decision-making during incident response. There is often no single agreed owner for key decisions during a cyberattack response, which can contribute to delays or uncertainty in coordination.
Expectations across response stages
Notification of an attack:
Overall, 67% expect notification within 30 minutes
Resuming basic operations:
Returning to full operations:
Despite these expectations, real-world cyber incidents often take several months before full operational capability is restored.
Clarity of leadership roles
Responsibility for initial incident response varies across organisations. CEOs reported expecting initial communication or coordination from:
In terms of decision-making authority during recovery, responsibility is also distributed:
AI risk and governance responsibilities
Responsibility for AI cybersecurity and governance is similarly spread across multiple executive roles. The CTO is most commonly identified as the lead for AI cybersecurity (41%), followed by the CISO (31%), CIO (29%), CSO (26%), and Chief AI Officer (22%).
Responsibility for AI policy management is also divided: CIOs hold it in 30% of organisations, while CTOs are responsible for AI security in 41%. In some cases, the role responsible for restoring AI systems differs from the role overseeing their day-to-day governance.