- Car owners are bullish on AI agents repairing the US auto industry - here's why
- 15 Months of Powerful Cyber Protection and Backup for Only $30
- This is the cheapest Android tablet I've ever tested - and it's surprisingly capable
- Grok 3 AI is now free to all X users – here's how it works
- Do data centers threaten the water supply?
IT infrastructure complexity hindering cyber resilience
The complexity of IT and security infrastructure was highlighted as the greatest obstacle to achieving cyber resilience according to new research, Unlock the Resilience Factor from Zscaler. Forty-three percent of 1,700 IT and security leaders worldwide ranked the challenge as a major barrier to an improved ability to recover from serious cyber events, nine percentage points above the second-placed issue: legacy security and IT issues.
The survey results underscore the pressing need for organizations to rethink their approach and shift towards resilience by design.
Resilience red flag
Despite the obstacles, nearly half of IT leaders (49%) believe their infrastructure is highly resilient, and a further substantial portion (43%) consider it somewhat resilient. However, this perception of resilience must be backed up by robust, tested strategies that can withstand real-world threats.
One major gap in the findings is that four in ten respondents admitted their organization had not reviewed its cyber resilience strategy in the last six months. Given the rapid evolution of cyber threats and continuous changes in corporate IT environments, failing to update and test resilience plans can leave businesses exposed when attacks or major outages occur.
The importance of integrating cyber resilience into a broader organizational resilience strategy cannot be overstated. With cybersecurity now fundamental to business operations, it must be considered alongside financial, operational, and reputational risk planning to ensure continuity in the face of disruptions.
Expectation of disruption
Limited investment in cyber resilience remains a challenge, despite rising security budgets overall: nearly 49% of U.S.-based IT leaders globally believe their budget for cyber resilience is inadequate. India (67%) expressed the greatest concern.
A lack of budget cannot be put down to a lack of evidence of need. Over the past six months, 45% of respondents worldwide said their organization experienced a cyber incident, with the highest rates reported in Sweden (71%) and Germany (53%).
Leaders also expect to face adversity in the near future with 60% anticipating a significant cybersecurity failure within the next six months, which reflects the sheer volume of cyber attacks as well as a growing recognition that cloud services are not immune to disruptions and outages. Expectations vary by region—ranging from 68% in Sweden to 33% in France and the UK & Ireland—but the overall consensus is clear: resilience is no longer optional, but essential.
Resilience by design: A path forward
Improving an organization’s ability to rebound after an incident starts with moving to a modern zero trust architecture, which achieves several key outcomes. First and most importantly, it removes IT and cybersecurity complexity–the key impediment to enhancing cyber resilience. Eliminating traditional security dependencies such as firewalls and VPNs not only reduces the organization’s attack surface, but also streamlines operations, cuts infrastructure costs, and improves IT agility. Zero trust allows security teams to focus on strategic initiatives rather than maintaining outdated security controls.
The second big win is the inability of attackers to move laterally should a compromise at an endpoint occur. Users are verified and given the lowest privileges necessary each time they access a corporate resource, meaning ransomware and other data-stealing threats are far less of a concern.
The potential for a cloud outage due to natural or human-made disruptions, including cyber attacks and sabotage, persists, and cloud service purchasing decisions are often driven by feature sets rather than resilience. A nuanced approach is needed: while a four-hour outage of an internal HR platform may be tolerable, the same disruption to core communication systems could be catastrophic.
Due to the criticality of its services, Zscaler prioritizes security and reliability in its development strategy. Through building and owning its cloud infrastructure, Zscaler maintains complete control over its core offerings, meaning no single data center outage can disrupt customer operations.
Identify shortcomings through testing
By designing for scale and automation, Zscaler provides tools that help businesses minimize downtime. Many of its 7,500 customers experience 100% uptime because they fully leverage the resilience and reliability best practices, integrations, and automation tools that Zscaler offers.
Further, customers can host their own private failover cloud instances should the Zero Trust Exchange become unreachable, allowing for continued access and policy enforcement, even if Zscaler experiences an outage.
Regardless of safeguards, regular disaster recovery exercises—conducted twice yearly—should define roles, responsibilities, and communication protocols to prepare teams for potential crises. Exercises identify shortcomings that can be addressed ahead of a real incident.
Organizations must move beyond a reactive mindset. By embedding resilience into their cybersecurity DNA—through Zero Trust, vendor scrutiny, and continuous testing—businesses can safeguard operations against inevitable disruptions.
To learn more, visit us here.
