A global survey from Zscaler has revealed a key disconnect between IT leader confidence in their organisation’s ability to weather upcoming failure scenarios such as blackouts, brownouts and cyber attacks, and the effectiveness of current security approaches.
According to the latest report, ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’, which surveyed 1,700 IT decision makers across 12 countries, almost half (49%) believe their IT infrastructure is resilient and 94% think their current cyber resilience measures are effective. However, two-fifths (40%) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45% believe their strategy is up to date in response to the rise of AI.
Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organisational leadership as a key friction point. Respondents indicate that leaders understand the growing importance of having a robust cyber resilience approach, but only 39% believe it is one of their leaders’ top priorities. This prioritisation is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49%) agreeing that the level of investment doesn’t meet the escalating need.
It is also evidenced by the lack of cyber resilience involvement from leadership. For most organisations, the burden of cyber resilience planning falls to IT leaders and their teams. Fewer than half (44%) of IT leaders say they have the CISO, for instance, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 36% of IT leaders say their cyber resilience strategy is included within their organisation’s overall resilience strategy.
“The possibility of a major failure scenario for organisations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. But this change in approach requires a company-wide mindset shift that can only be enforced from the top down. Leadership needs to engage with their IT teams to create a cyber resilience strategy that is robust and fit-for-purpose in the face of today’s ever-more volatile threat and operating landscapes. We call this becoming ‘Resilient by Design’.”
Although 85% of IT leaders feel confident that their organisation could withstand or recover from a failure scenario, closer examination revealed weaknesses. The majority (60%) of IT leaders believe their organisation prioritises prevention, and over two-fifths (43%) of cybersecurity strategies and budgets are focused on prevention at the expense of response or recovery, suggesting most organisations are unprepared for a failure and would struggle to recover if one occurred.
Even among those organisations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyber-attacks and mitigate further damage: risk hunting (44%), Zero Trust micro segmentation (42%), and deception technologies (35%).
The research indicates that 94% of IT leaders understand how a strong cyber resilience strategy can help strengthen business performance, but current approaches aren’t delivering the desired results. Despite strong belief in the efficiency of their resilience measures, only one in two IT leaders say their organisations are seeing a reduction in data loss (56%) and faster incident recovery (53%) through their resilience efforts. Even fewer report faster incident detection and containment (49%), and other benefits show still lower returns.
“A cyber resilience strategy is not just a means to weather the dangers of a digital future, but also an enabler of greater innovation and improvement of your organization without fear of consequences,” commented James Tucker, Head of EMEA CISOs in Residence, Zscaler. “If both the business and employees build a ‘Resilient by Design’ mindset, then organisations set themselves up to push the boundaries of what they can do and better adapt to any adverse situations that arise. With the growing threat landscape including AI-based attacks and continued pressure to digitise not likely to abate any time soon, our attack surfaces are still expanding beyond our control. A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble.”