Lack of Clarity in Cyber Investigations Costs U.S. Enterprises $48.1 Billion

New report from Binalyze reveals $114K-per-hour cost of delayed cyberattack response

London, November 18, 2025: Binalyze, a leader in automated investigation and response, today released a new report that examines enterprises’ approach to cyber incident response. The research reveals that a lack of clarity in cybersecurity investigations has cost organizations on average $1.1 million over the last five years – or $48.1 billion across the U.S.A. In addition, every hour of delay in responding to a cyber incident costs on average $114,000.

With 84% of CISOs saying a successful cyberattack is now inevitable, organizations must establish effective and rapid response protocols to stop attackers in their tracks, minimize financial losses, and protect against reputational damage. Yet 79% of organizations favor cyberattack prevention over response, with budgets averaging a 2:1 ratio towards prevention ($3.02 million to $1.54 million).

Binalyze’s report, The State of Cybersecurity Investigations 2025: How Cyber Scene Investigators Can Turn the Tide Against Attackers’ Sense of Impunity, surveyed 200 US CISOs. The report exposes major cracks in enterprise crisis management, showing how repeated missteps responding to cyberattacks are worsening both financial and reputational damage. Key findings show:

  • A clarity gap blocking simple answers: At most 50% of CISOs can answer the most basic cyberattack questions, such as: Does the attacker still have access? How did they get in? Was data stolen? And if so, what? Being able to answer these questions with confidence should be every organization’s priority.
  • Repeating mistakes of the past: 65% of CISOs admit their organizations haven’t always learned the right lessons following cyberattacks. In fact, 75% say once a cyberattack has happened, there’s no guarantee that the exact same attack won’t succeed again.
  • The attack aftermath: 70% of organizations say they struggled to remediate or recover from an attack in the past year. Additionally, 61% have been punished by regulators because of a security breach, and 56% have been denied cyber insurance payouts, due to being unable to demonstrate, through sufficient insight, that the necessary security controls were in place.

“With cyberattacks now inevitable, the real test for organizations is how fast they can respond and recover,” says Lee Sult, Chief Investigator at Binalyze. “The recent Jaguar Land Rover breach, which halted operations for a month and cost an estimated $2.5 billion, highlights the scale of disruption at stake. Rapid cyber response encompassing in-depth Cyber Scene Investigation is essential to identify, isolate, and eliminate threats while keeping regulators and insurers informed. But this relies on visibility, and 75% of CISOs feel they are missing key information every time there is a breach. With clear, actionable insight into IT environments, organizations can locate attackers, contain damage, and regain control before the impact spirals.”

The Need for Speed in Cyber Investigation

Rapid response is critical when cyber breaches or attacks occur. Every minute gives attackers more time to cause damage or hide their tracks, and organizations less time to understand the breach, update stakeholders, and warn the wider community of new threats.

Yet limited visibility across security frameworks continues to hinder effective incident management, leading to inconclusive investigations and escalating costs. In fact, 88% of CISOs agree that faster investigation and response would significantly reduce breach costs. But awareness isn’t enough, with only 40% of CISOs reporting confidence in their organization’s crisis management framework.

Rapid, forensic investigation is key for understanding attacks and attackers, helping organizations respond to breaches before unnecessary financial and reputational damage is done. Currently, organizations take, on average, 8.6 hours to bring forensics into play. This delay in implementing forensics to help gain visibility into a breach represents a cost of $980,400 before a real response can even start. With organizations investigating on average nine cyberattacks in depth per year, this equates to almost $9 million in unnecessary losses.

“The less an organization understands an attack, the harder it is to recover, and the harder it is to learn any lessons,” continues Sult. “True resilience starts with visibility. Security teams that can see across their entire IT environment and deploy forensics at the earliest stage don’t just accelerate recovery. They make attackers’ lives harder. Forensics empowers teams to uncover threats and identify vulnerabilities before attackers have the chance to exploit them – enabling organizations to act decisively and bounce back quickly.”

“Yet CISOs claim to have visibility over only 57% of their organization’s IT environment at any one time. This lack of visibility not only slows recovery but risks non-compliance and regulatory penalties. Swift, forensic investigation shouldn’t just be a post-mortem exercise. When deployed proactively, it becomes a weapon – a way to identify, disrupt, and deter threat actors before they strike.”

Methodology

Findings are based on a survey of 200 US CISOs and others with sole responsibility for IT cybersecurity decision-making at enterprises with 500 or more employees. Research was performed in September 2025.

About Binalyze
Binalyze is the global leader in Automated Investigation and Response. AIR connects with your existing security stack to automate evidence collection and deliver the context your team needs to investigate faster and act with confidence. By turning alerts into insight and signal into clarity, Binalyze empowers security teams to stay ahead of both proactive and reactive threats.

AIR automates the collection and analysis of evidence data across endpoints, cloud, and hybrid environments, enabling faster, conclusive investigations and continuous readiness. Recognized by Gartner in the Cloud Investigation and Response Automation (CIRA) category, Binalyze is trusted by enterprises, MSSPs, and incident response teams worldwide.


Media Contact: Marie Wilcox, VP Marketing
marie.wilcox@binalyze.com
www.binalyze.com