Zscaler has released findings from a recent survey titled “The Ripple Effect: A Hallmark of Resilient Cybersecurity.” The study, conducted by Sapio Research, examines the gap between organisations’ confidence in their cyber resilience strategies and their preparedness for external threats. The report found that 90% of organisations increased their investment in cyber resilience over the past year, while 61% said their strategies remain primarily focused on defending internal environments. According to the survey, this may leave organisations exposed to risks from suppliers, emerging technologies such as AI and quantum computing, and broader market instability.
Organisations worldwide are facing a range of risks, including cyberattacks, complex supply chains, geopolitical uncertainty, and rapid developments in AI and quantum technologies. The survey found that 63% of global IT leaders expect a major disruption caused by a supplier or third-party vendor within the next 12 months, while 60% reported experiencing such an incident during the past year.
Despite these figures, fewer than half of organisations surveyed said they had updated their resilience strategies to address third-party dependencies or instability within their supply chains. Although many organisations expressed confidence in their overall resilience strategies, only 34% said their current measures are highly effective in addressing supply chain volatility. In the EMEA region, this figure falls to 30%.
Legacy infrastructure also remains a challenge. The survey found that 81% of organisations continue to rely on legacy systems such as firewalls and VPNs that are based on perimeter security models. In addition, 64% reported that their current IT architecture limits their ability to respond effectively to breaches, outages, or system failures.
Emerging technologies present additional considerations. According to the survey, 52% of global IT leaders said their current security systems are not equipped to manage advanced threats. The adoption of agentic AI is also raising governance concerns, with 50% of organisations implementing or testing these technologies reporting that they do not yet have robust governance frameworks in place. The survey also found that 57% of organisations have not yet incorporated post-quantum cryptography into their security strategies, despite 60% recognising that data stolen today could be at risk within the next three to five years.
The survey also highlighted issues relating to technology dependencies and data sovereignty. According to the findings, 79% of IT leaders are evaluating their reliance on foreign technology providers. Six in ten organisations reported updating their cyber resilience strategies in the past year to comply with evolving sovereignty laws and regulations.
The report outlines a “Resilient by Design” approach and identifies three areas organisations may consider when developing resilience strategies:
- Prioritise visibility: Implement a unified platform that provides visibility across data security, third-party risk, and broader risk surfaces.
- Simplify with a platform approach: Separate security from network infrastructure and adopt Zero Trust security based on least-privileged access.
- Future-proof with Zero Trust architecture: Use adaptable security frameworks that can introduce new capabilities, such as protections for emerging threats, through centralised management tools.
