According to a recent Immersive Labs report, organizations saw an accelerated cyberattack response time, from 29 days to 19 days from 2021 to 2022. While organizations are ensuring that cyber resilience activities span the MITRE ATT&CK framework, research observed a notable bias towards the earliest stages of the attack lifecycle, suggesting security leaders are potentially leaving their organizations exposed to after-incident risk.

According to the report, junior staff tend to challenge themselves with more difficult exercises and are more likely to stay current with new threats compared to more experienced cyber professionals. More junior workers on average complete content that is more difficult than more experienced professionals.

Modest gains were made in achieving resilience, especially those who focused on key areas such verifying the skills of new talent (46%) and assessing security team capabilities in realistic scenarios (30%) amid more sophisticated cyber threats.

Holistically, regulated industries only marginally outperform less-regulated peers, with a 6% difference across key resilience metrics, showing that regulated industries on average are not substantially better prepared for attacks than less-regulated industries. Nevertheless, financial services firms tend to perform the best, as the industry represents seven of the top 10 overall performers.