Zscaler released the findings of its most recent survey, The ripple effect: A hallmark of resilient Cybersecurity, uncovering a growing disconnect between organisations’ confidence in their cyber resilience posture and their actual readiness for increasingly disruptive external threats. Conducted by Sapio Research, the report reveals that while 90% of organisations have boosted their cyber resilience investments in the past year, 61% believe their strategies remain too inward-focused, defending their own perimeter and leaving them susceptible to risks from suppliers, emerging technologies like AI or quantum, and market volatility.
“Disruptions can now originate far beyond an organisation’s walls,” said Brian Marvin, SVP EMEA at Zscaler. “True resilience must ripple outward across dependency layers such as partners, platforms, and supply chains to absorb external shockwaves before they destabilize operations. By adopting a ‘Resilient by Design’ approach that extends beyond the walls of the enterprise, organisations can embed the capacity to withstand inevitable failure or breach scenarios.”
External risks surpass internal controls
Organisations worldwide are facing a complex array of risks, including cyberattacks, increasingly intricate supply chains, unpredictable geopolitical events, and rapid developments in AI and quantum computing. In fact, nearly two-thirds (63%) of global IT leaders anticipate that a major disruption caused by a supplier or third-party vendor will occur within the next 12 months, while 60% have already experienced such an incident in the past year.
Despite these alarming figures, fewer than half of organisations have taken steps to update their resilience strategies to address third-party dependencies or instability within their supply chains, which have been identified as a critical external blind spot. Although organisations appear to have a high level of overall confidence in their resilience strategies, only 34% view their current measures as highly effective against supply chain volatility. This confidence declines further in the EMEA region, dropping to 30%.
Although organisations are ramping up their investments in resilience, outdated infrastructure continues to be a significant obstacle. A substantial 81% of organisations still rely on legacy systems, such as firewalls and VPNs, and on perimeter-based security models. 64% report that their current IT architecture restricts their ability to effectively respond to breaches, outages, and failures.
AI, Quantum, and data sovereignty heighten uncertainty
Emerging technology risks are also challenging the effectiveness of current resilience strategies. More than half (52%) of global IT leaders acknowledge that their existing security systems are not equipped to handle advanced threats, exposing organisations to new vulnerabilities. The rapid adoption of agentic AI also presents concerns, with 50% of organisations implementing or testing these technologies lacking robust governance frameworks. Seven out of ten organisations lack visibility into ‘shadow AI’ use, with 56% fearing sensitive data exposure from the use of public AI apps. Moreover, 57% of organisations have yet to factor Post-Quantum Cryptography into their security strategy, despite 60% recognising today’s stolen data could be at risk in 3-5 years.
Foreign technology dependency is impacting discussions around sovereignty policies and regulations. Dependence on foreign technology providers has increased, and will continue to increase, the focus on control over an organisation’s own data, infrastructure, and operations. Our survey shows IT leaders are actively mitigating this risk: 79% are evaluating their dependency on foreign technology, while six in 10 have updated their cyber resilience strategy in the past year to comply with new or evolving sovereignty laws. Last year, 60% updated their cyber resilience strategies in response to changing regulations, such as NIS2, DORA and GDPR.
“While it makes sense that global organisations are nervous to invest in digital transformation in this geopolitical climate, it could result in laggards being behind the curve,” noted James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Forward-thinking organisations are abandoning traditional centralised architectures and turning to distributed models with sovereignty and localisation at their core to mitigate any data sovereignty concerns. These modern approaches enable granular configuration to address specific regulatory and operational requirements.”
Three priority actions to become ‘resilient by design’
To effectively counter the surge of external threats, the report outlines three actions to expand the ripple effect of an organisation’s resilience posture with a ‘resilient by design’ approach.
- Prioritise visibility: Implement a single overlay platform that powers Data Security, AI and third-party security, as well as data sovereignty, giving end-to-end visibility and control across the full risk surface, including contractors and supply chains.
- Simplify with a platform approach: Decouple security from network infrastructure, adopting Zero Trust security based on least privileged access to secure all connections and allow organisations to reconfigure their market strategies or data flows quickly as conditions change.
- Future-proof with a Zero Trust architecture: Utilise a security architecture that can adapt to new threats by simply switching on new capabilities from a single dashboard, such as GenAI Security and Post-Quantum Cryptography visibility. This enables businesses to evolve their security strategy as threats emerge, rather than having to revolutionize their capabilities with new tools.