“93% admitted their company has missed warning signs of crises or disruptions.”
Crisis24 survey: missed warnings and clear financial consequences
That single line is the opening diagnosis from a Crisis24 analysis of corporate crisis preparedness. The report found an overwhelming admission of failure: 93% of respondents said their company has missed warning signs of crises or disruptions, with one in four saying this happens frequently or all the time. Nearly half (48%) agreed that their leadership team is frequently caught off guard by market shifts and external pressures.
The consequences are concrete. Every respondent reported that their business had suffered a financial impact from a recent disruption; more than a quarter (28%) put the cost at $25 million or more from a single event, while the median impact was $2 million. Senior leaders estimated that close to half (46%) of their leadership team’s time is spent reacting to immediate crises rather than preparing for future ones — a drain on strategy as well as capital.
Geopolitical risk and C-suite anxiety in Q1 2026
The survey was fielded in Q1 2026, before the outbreak of the US/Israel-Iran conflict; even then, geopolitical risk was already a dominant concern. Nearly four in five respondents (79%) said that recent geopolitical events had forced their company to rethink its crisis management strategy, and 45% said they felt underprepared for geopolitical instability specifically. More than a quarter (26%) of leadership teams described their anxiety about global instability’s impact on their business as high or severe, and 81% agreed that this anxiety has a direct impact on strategic decision-making in their organization.
Data abundance, insight scarcity: why companies miss early signals
Leaders described a structural gap between data collection and decision-quality intelligence. Two-thirds (67%) agreed their organization has access to large amounts of data but struggles to convert it into prioritized, actionable insights. More than half (56%) pointed to a disconnect between the data they collect and their ability to use it for fast strategic decisions during crises.
When asked what prevents earlier detection of crises, respondents ranked information overload first (46%), followed by too much noise in the data (43%) and difficulty establishing data credibility or relevance (42%). A broader forecasting problem looms: 68% cited some form of inability to forecast business disruptions as a barrier, including lack of suitable external solutions, in-house capabilities, and dedicated resources.
Cybersecurity posture, micro-segmentation, and sector-specific friction
Senior leaders identified the specific threat areas where preparedness is weakest: cybersecurity threats (48%), AI-driven misinformation (46%), geopolitical instability (45%) and financial market instability (42%). Those numbers intersect with findings from a separate Elisity report focused on security controls in healthcare and manufacturing.
Elisity reported that 99% of security leaders want micro-segmentation deployed, yet the majority have protected fewer than 80% of their critical systems. Nearly half of respondents said their organizations experienced lateral movement attacks in the past year. The sample — 352 U.S. cybersecurity decision makers in healthcare and manufacturing — reveals appetite and shortfall in equal measure: 44% cite comprehensive device visibility as their most critical capability gap, and 69% demand identity-based controls in any modern solution.
Micro-segmentation presents a paradox: it ranks toward the bottom at 24% among currently deployed Zero Trust initiatives but ranks first among planned priorities. Practical drivers and barriers are visible in the data: 32% cite cyber insurance requirements as a direct business driver for pursuing micro-segmentation, yet only 22% reported hands-on experience with modern micro-segmentation. Healthcare organizations singled out integration with SIEM, EDR, and SOAR as their top challenge in previous micro-segmentation efforts, and clinicians create distinctive policy needs — visiting clinicians (74%) and clinical staff (72%) require the most granular policy attention due to the mix of managed and unmanaged devices moving through clinical environments.
What this means for security leaders, healthcare & manufacturing IT, and corporate leadership
- Security leaders: Want micro-segmentation in principle (99%) but face execution gaps — fewer than 80% of critical systems are protected in most organizations, and nearly half saw lateral movement in the last year.
- Healthcare and manufacturing IT teams: Must reconcile device visibility shortfalls (44% named this as the most critical gap) and difficult integrations (SIEM, EDR, SOAR) with policy demands for visiting clinicians and clinical staff (74% and 72% respectively).
- Corporate leadership: Are spending nearly half their time reacting (46%) and acknowledge avoidable market-share losses (60% said more than a quarter of past losses could have been prevented with earlier intelligence), yet they report persistent barriers — information overload, noise, credibility, and forecasting capability (46–68% across those factors).
The data from Crisis24 and Elisity describes a clear gap between intent and implementation: leaders recognize the threats, can quantify the damage, and know the controls they want — but structural obstacles in data, forecasting, and integration are slowing the transition from confidence to capability. The question left by these figures is not whether organizations know what to fix; it is whether they will commit the resources, integration work, and hands-on experience that the numbers show are still missing.
