A recent global study by Zscaler, a leader in cloud security, has revealed a concerning disconnect between IT leaders’ confidence in their cyber resilience strategies and the reality of current cyberattacks. While 94% of IT executives believe their security measures are effective, threats continue to rise, and ransomware attacks cost companies billions of dollars each year.
The survey, conducted by Sapio Research and based on the opinions of 1,700 IT leaders across 12 countries, highlights that 60% of organizations expect to experience a critical failure in the coming year, yet only 45% believe their cyber resilience strategy is up-to-date with AI-driven threats. This gap between confidence and effective action jeopardizes companies’ ability to prevent, respond to, and recover from security incidents.
Cyber resilience remains a low priority for business leaders
One key finding of the report is the lack of engagement from business leaders in the cyber resilience strategy. Although a majority acknowledges its importance, only 39% of respondents believe this area is a priority on the agenda of senior executives.
This lack of commitment is reflected in the investment allocated to cybersecurity: 49% of respondents feel that the current budget is insufficient to address the growing threat of cyberattacks. Furthermore, responsibility for cyber resilience still largely rests with IT teams, with fewer than half (44%) of IT leaders stating that their company’s CISO actively participates in cyber resilience planning.
According to Jay Chaudhry, CEO and founder of Zscaler, “The likelihood of an organization facing a critical failure is not a matter of ‘if’, but ‘when’. Proactive resilience is essential to mitigate incidents before they escalate into major issues for business continuity. A strategy based on Zero Trust is crucial to defend against advanced threats, avoiding persistent attacks facilitated by outdated technologies such as firewalls and VPNs. The key is for leadership and IT teams to work together to adopt an effective cyber resilience strategy.”
Overemphasis on prevention and insufficient preparation for recovery
Another issue highlighted in the report is the imbalance in cybersecurity strategies. Sixty percent of IT leaders believe their organizations over-prioritize prevention and neglect effective response and recovery strategies.
The report reveals that 43% of cybersecurity budgets are allocated to prevention, while fewer than half of companies have implemented essential tools to mitigate the impact of an attack, such as threat hunting (44%), Zero Trust micro-segmentation (42%), and deception technologies (35%).
For James Tucker, Director of EMEA CISOs at Zscaler, this approach is insufficient: “The attack surface continues to expand uncontrollably due to digitization and the rise of AI-driven threats. A proactive resilience approach based on Zero Trust is essential to ensure that an organization can recover quickly even in the face of a successful attack. Transforming network and security architecture is no longer an option but a necessity.”
Zero Trust: The key to a ‘Resilient by Design’ cyber resilience strategy
In light of this landscape, the report emphasizes the need for organizations to adopt a security approach based on Zero Trust, where identity verification and segmentation minimize the risk of unauthorized access and lateral movement of attackers within the network.
Zscaler proposes a strategy called “Resilient by Design,” which is based on four key pillars to reduce cyber risk at all stages of the attack chain:
- Minimize the attack surface
- Prevent initial compromises
- Eliminate lateral movement of attackers
- Prevent data leakage
By incorporating artificial intelligence into its cloud security platform, Zscaler asserts that organizations can enhance their security posture by dynamically adjusting access based on emerging risks.
Conclusion: A change in approach is essential
Zscaler’s report makes it clear that cyber resilience is still not receiving the priority attention it requires in many organizations. The increase in AI-driven attacks, accelerated digitization, and lack of adequate investment in response and recovery strategies are factors that heighten the vulnerability of companies.
Organizations that adopt a Zero Trust approach and a “Resilient by Design” cyber resilience strategy will be better prepared to face the challenges of the current threat landscape. It’s not just about preventing attacks, but ensuring that when they happen, the impact is minimized and recovery is quick and effective.
The full report, titled “Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative”, is available for download on Zscaler’s official website.