Preventing business disruption and building cyber-resilience with MDR
Threat actors are on a roll. They’ve optimized supply chains. Their ranks are growing thanks to pre-packaged services that lower the barriers to entry for budding cybercriminals. And they’re using AI tools to improve the success of social engineering, reconnaissance, vulnerability exploitation and other efforts, which ultimately make it easier than ever for adversaries to launch campaigns. They’re faster, more organized, and harder to stop.
On the other side, defenders are stretched thin as chronic skills shortages and expanding attack surfaces leave them on the back foot. Many may admit that breaches are, to some extent, inevitable. But reacting quickly enough to stop their adversaries before any damage can be done is often beyond them. That has propelled managed detection and response (MDR) to the top of the priority list for many IT leaders.
How and why disruption hurts
The digital revolution has transformed the way most organizations work – making processes more efficient, improving collaboration, enhancing decision making, and reducing human toil and error. And it continues to do so, thanks to AI. One 2024 study claims generative AI can boost coder productivity by 26%.
But with greater reliance on IT comes greater exposure to cyberattacks. The most serious, which usually involve data theft and/or extortion, can cause major disruption. Ransomware is the most obvious: by encrypting critical data, threat actors effectively bring operations to a standstill in the targeted organization.
Even if your adversaries don’t manage to encrypt everything, your IT team will usually be forced to pull the plug to contain the spread of any threat. A long process of cleansing and rebuilding, testing and reintroducing services then follows – taking days, weeks or even months.
In short, a serious security breach can disrupt online sales and other customer-facing services, factory-floor production processes, employee productivity across the organization, and even entire supply chains. According to IBM’s Cost of a Data Breach Report 2025, 86% of organizations that suffered a data breach over the past year experienced this sort of operational disruption.
The impact of downtime
Data theft makes headlines, but operational downtime often inflicts deep wounds too, and comes with a potentially large bill attached. There’s the impact of lost sales and productivity to consider, as well as legal and notification costs, and the often-major charge for recovery. According to the UK’s NHS, for example, 78% of the £92 million ($124 million) in losses caused by the WannaCry (WannaCryptor) ransomworm campaign was due to IT support for restoring data and systems. More recently, Marks & Spencer may face a price tag of £300 million (US$403 million) in lost profit due to disruption.
Much harder to quantify is the long-term reputation damage potentially caused by a prolonged outage. If customers switch to a competitor as a result, there are two costs to consider: lost sales from those customers and new customer acquisition costs.
A major ransomware breach at UK retailer Marks & Spencer (M&S) earlier this year is estimated to cost the firm £300 million ($403 million) in lost operating profit and disruption to online services. But it’s still unclear whether it may lead to protracted losses in sales.
MDR at speed
All of which helps explain why MDR is increasingly viewed as a cornerstone of modern risk management strategies – helping to protect revenue, reputation, and the ability to operate without interruption. Speed of detection, containment and response has never been more important. As IBM notes in its report, the shorter the breach lifecycle, the less damage threat actors can do (in deploying ransomware or stealing data), and therefore the lower the ultimate cost.
Building proactive resilience
Of course, speed is not the only way to differentiate top-tier MDR services from the rest. Other related elements you should be looking for include 24/7 monitoring to ensure threat actors are stopped in their tracks, wherever in the world they’re located. Often, adversaries will strike on public holidays or at weekends in order to catch the in-house IT team unawares. The M&S and Co-op attacks began over the long Easter Bank Holiday weekend in the UK, for example.
As attackers are always looking for new ways to sneak into business networks without setting off alarm bells, threat hunting capabilities are also increasingly important. By proactively searching for threats that may not have triggered alerts, MDR teams can ensure the bad guys don’t get a head start.
IBM calculates that threat hunting could shave over $193,000 from the typical cost of a data breach. Effective threat intelligence, often wielded by threat hunting teams to better understand adversary behavior, could save even more ($212,000). The prospect of facing AI-powered ransomware and other such malware ups the ante further and makes a proactive, adaptive security strategy an absolute necessity for every organization.
High-quality MDR services also automate tracking and reporting for improved compliance and continuous enhancements to cyber-resilience, as well as gather information which can be used to prevent a similar breach in the future. For example, forensic data could feed into a vulnerability and patch management solution to build forward resilience. Speed is of the essence here, as threat actors often try to victimize the same organization multiple times.
Prevention-first security starts here
Business disruption can be an existential problem for some organizations. Ransomware victims such as currency exchange firm Travelex have gone into administration following serious incidents, while others including National Public Data and KNP have been forced to close completely. Fortunately, such cases are relatively rare, but they do highlight just what’s at stake. MDR can help to minimize the chances of this happening to your organization and, indeed, is best seen as an investment in business continuity.
All told, your best defense is a holistic security strategy that includes best-practice defensive measures such as endpoint and extended detection and response, patch management, identity management, and others, along with the expertise of a team of cybersecurity professionals. Not all MDR solutions are created equal, so it pays to shop around.