With 60% of Businesses Anticipating a Cyber Breach in 2025, Organisations Must Prioritise Resilience Strategies with a Zero Trust Architecture
Only 45% say their cyber resilience strategy is up-to-date in preparation for modern attacks in response to the rise of AI.
A global survey from Zscaler, the leader in cloud security, has revealed a critical disconnect between IT leader confidence in their organisation’s ability to weather upcoming failure scenarios like cyberattacks and the effectiveness of current security approaches. According to the survey conducted by Sapio, which incorporated responses from 1,700 IT decision makers across 12 countries, almost half (49%) of IT decision makers believe their IT infrastructure is highly resilient and 94% think their current cyber resilience measures are effective.
Contradicting this confidence, two-fifths (40%) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45% report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action. With the threat landscape evolving and the devastating impact of ransomware attacks on businesses, organisations must evaluate their ability to respond to and plan for attacks– making it crucial to transition to a zero trust architecture.
Cyber resilience requires greater prioritisation and urgency from leadership
Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organisational leadership as a key friction point. Respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach, but only a minority (39%) believe it is one of their leaders’ ‘top priorities’. This prioritisation is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49%) agreeing that the level of investment doesn’t meet the escalating need. From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust.
It is also evidenced by the lack of cyber resilience involvement from leadership. For most organisations, the burden of cyber resilience planning falls to IT leaders and their teams. Fewer than half (44%) of IT leaders say they have the CISO, for example, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 36% of IT leaders say their cyber resilience strategy is included within their organisation’s overall resilience strategy.
“The possibility of a major failure scenario for organisations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. Proactive resilience is essential to address incidents before they threaten business continuity.
Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks. We call this becoming ‘Resilient by Design’.”
Prevention is overprioritised compared to response & recovery
The majority (60%) of IT leaders believe their organisation overly prioritises prevention – with splits showing that over two fifths (43%) of cyber security strategies and budgets are focused on prevention, at the expense of response or recovery. This suggests that most organisations are not prepared for what would happen if a failure occurred and would struggle to recover business operations as quickly as needed. Even among those organisations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyberattacks and mitigate further damage: risk hunting (44%), Zero Trust micro segmentation (42%,) and deception technologies (35%).
“With the growing threat landscape including AI-based attacks and continued pressure to digitise not likely to abate any time soon, our attack surfaces are still expanding beyond our control. A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble even in the wake of a successful attack, that can be remediated faster”, said James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Therefore organisations need to transform their network and security architecture and adopt a zero trust ‘Resilient by Design’ approach to weather the dangers of a digital future.”
A Zero Trust architecture enables a ‘Resilient by Design’ approach
To mitigate cyber resilience risk, organisations should embed visibility and control into their security strategy. Understanding failure scenarios more quickly and thoroughly based on the insights from an AI-powered cloud security platform to mitigate the blast radius of an incident strengthens the resilience posture. This outcome is what Zscaler enables with a ‘Resilient by Design’ approach. Because cyber threats evolve and advance so quickly, Zscaler leverages AI to dynamically adjust access based on changing risk. The Zscaler Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:
- Minimise the attack surface
- Prevent initial compromise
- Eliminate lateral movement
- Stop data loss
The full survey report ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ can be downloaded via this link.
