Cyber resilience tunnel vision is leaving enterprises open to external threats
Many enterprises are overlooking supply chain risks as part of their cyber resilience strategies
More than six-in-ten organizations across worry their cyber resilience strategies are too internally-focused.
In a new report, cloud security firm Zscaler noted that businesses are increasingly susceptible to external shockwaves from cyber incidents, supply chain attacks, and geopolitical uncertainty.
As a result, 61% admitted their cyber resilience strategies are too internally-focused.
Six-in-ten (60%) said they have faced a major failure scenario owing to a supplier or third-party vendor over the past year, with 63% anticipating something similar over the next 12 months.
An overwhelming 96% are updating their strategy in response to external factors and shoring up defenses, with 90% having increased cyber resilience investment over the past 12 months.
"Disruptions can now originate far beyond an organization’s walls. True resilience must ripple outward across dependency layers such as partners, platforms, and supply chains to absorb external shockwaves before they destabilize operations,” said Brian Marvin, SVP EMEA at Zscaler.
“By adopting a ‘Resilient by Design’ approach that extends beyond the walls of the enterprise, organizations can embed the capacity to withstand inevitable failure or breach scenarios.”
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Cyber resilience practices are falling flat
Crucially, only 34% of organizations believe their current resilience measures are highly effective against supply chain volatility, and 52% said their organization’s current security systems are unable to defend against advanced threats.
While 76% of organizations have either fully implemented or are actively trialing agentic AI technologies, 69% said they lack visibility into the use of shadow AI use, with 56% fearing sensitive data exposure.
Looking forward, more than half (57%) of organizations said they haven't factored Post-Quantum Cryptography (PQC) into their security strategy, despite 60% recognizing that today's stolen data could be at risk in three to five years.
Many are also facing agility issues, with 59% of respondents acknowledging that their organization’s IT architecture cannot keep pace with the rapid rate of business change, and many are still heavily dependent on legacy systems.
“While it makes sense that global organizations are nervous to invest in digital transformation in this geopolitical climate, it could result in laggards being behind the curve,” said James Tucker, head of EMEA CISOs in residence at Zscaler.
“Forward-thinking organizations are abandoning traditional centralized architectures and turning to distributed models with sovereignty and localization at their core to mitigate any data sovereignty concerns. These modern approaches enable granular configuration to address specific regulatory and operational requirements.”
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
UK’s Cyber Resilience Pledge gathers momentum as 60 firms sign up to bolster capabilitiesNews The voluntary pledge sees organizations tightening up their defences, particularly against supply-chain attacks
-
Goldilock Secure expands Irish channel presence through new Frame partnershipNews The agreement extends availability of the vendor's FireBreak technology as organizations face rising AI-driven cyber threats
-
Russian hackers are weaponizing CRMs, Ukraine’s former foreign minister warnsNews Dr Dmytro Kuleba told IT leaders in London that everyday business software is being actively exploited by nation-states
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Wasabi ramps up EMEA channel push with focus on cyber resilienceNews The cloud storage vendor is expanding partner tools and integrations as AI-driven data growth and ransomware threats continue to rise
-
Why cyber resilience isn’t just a defence mechanism: How to create a secure foundation for innovation, tooSponsored Investing in a solid enterprise system that incorporates security by design lets you ensure business continuity while encouraging innovation at pace
-
UK government calls on firms to sign Cyber Resilience Pledge as security sector boomsNews With new figures showing a boom in the country's cybersecurity sector, the government calling on businesses to make the most of the industry’s expertise
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc