62% of Ukrainian companies lack a clear cyber crisis strategy – blitz survey

23/ 04/ 2025

According to Ukraine’s State Service of Special Communications and Information Protection of Ukraine, the number of cyberattacks on the country rose by 70% in 2024. In response, Calibrated, together with partners EBA, LOOQME, MMR, and the IT Ukraine Association, conducted a blitz survey in March 2025 to assess how prepared Ukrainian businesses are for crisis communications during cyber and information attacks. View the presentation More than half of the organisations surveyed acknowledged a moderate or high likelihood of facing cyber or information attacks within the next year. However, 30% admitted that their company rarely or never conducts risk assessments. 62% of respondents said their company lacks a clear cyber crisis response strategy, while 39% do not have a dedicated crisis communication plan. Only one-third reported being fully prepared, with trained response teams and designated spokespersons in place. Moreover, 41% do not conduct practical training for cyber or information crises. The survey revealed a strong pattern: companies that have already experienced cyberattacks tend to show a significantly higher level of readiness — they hold regular training sessions and have fully integrated crisis communication plans. The top cyber threats identified by respondents were phishing emails (71%) and data breaches (70%). Other prominent risks included bot attacks in comment sections (43%), employee account hacking (41%), and cyberattacks targeting brand social media accounts (40%). Key barriers to building an effective cyber incident response system were identified as rapidly evolving threats (57%), lack of in-house expertise (37%), and limited budgets for training (38%) and threat monitoring (30%). The most in-demand tools for crisis response included AI-powered threat monitoring (34%) and scenario-based crisis simulations (32%). Additionally, 21% of respondents found it valuable to learn from companies that had previously faced cyber incidents. The survey involved communication professionals, top managers, IT and security specialists from 63 companies, ranging from large enterprises (2,000+ employees) to small and medium-sized businesses. Read the full report: https://calibrated.agency/survey-cyber-crisis-response-2025

View the presentation

More than half of the organisations surveyed acknowledged a moderate or high likelihood of facing cyber or information attacks within the next year. However, 30% admitted that their company rarely or never conducts risk assessments.

62% of respondents said their company lacks a clear cyber crisis response strategy, while 39% do not have a dedicated crisis communication plan. Only one-third reported being fully prepared, with trained response teams and designated spokespersons in place. Moreover, 41% do not conduct practical training for cyber or information crises.

The survey revealed a strong pattern: companies that have already experienced cyberattacks tend to show a significantly higher level of readiness — they hold regular training sessions and have fully integrated crisis communication plans.

The top cyber threats identified by respondents were phishing emails (71%) and data breaches (70%). Other prominent risks included bot attacks in comment sections (43%), employee account hacking (41%), and cyberattacks targeting brand social media accounts (40%).

Key barriers to building an effective cyber incident response system were identified as rapidly evolving threats (57%), lack of in-house expertise (37%), and limited budgets for training (38%) and threat monitoring (30%).

The most in-demand tools for crisis response included AI-powered threat monitoring (34%) and scenario-based crisis simulations (32%). Additionally, 21% of respondents found it valuable to learn from companies that had previously faced cyber incidents.

The survey involved communication professionals, top managers, IT and security specialists from 63 companies, ranging from large enterprises (2,000+ employees) to small and medium-sized businesses.

Read the full report: https://calibrated.agency/survey-cyber-crisis-response-2025