With 60% of Businesses Anticipating a Cyber Breach in 2025, Organizations Must Prioritize Resilience Strategies with a Zero Trust Architecture

• 60% of organizations expect to experience a significant failure scenario in the next year.
• 94% of IT leaders ‘believe’ their current cyber resilience measures are effective, yet ransomware attacks continue to rise and cost organizations billions of dollars per year. 
• But only 45% say their cyber resilience strategy is up-to-date in preparation for modern attacks in response to the rise of AI.
• Organizations must more closely examine their ability to respond to advanced cyber breaches, which allow threat actors to access systems, move laterally, and steal sensitive data.

A global survey from Zscaler, the leader in cloud security, has revealed a critical disconnect between IT leader confidence in their organization’s ability to weather upcoming failure scenarios like cyberattacks and the effectiveness of current security approaches. According to the survey conducted by Sapio, which incorporated responses from 1,700 IT decision makers across 12 countries, almost half (49%) of IT decision makers believe their IT infrastructure is highly resilient and 94% think their current cyber resilience measures are effective. Contradicting this confidence, two-fifths (40%) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45% report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action. With the threat landscape evolving and the devastating impact of ransomware attacks on businesses, organizations must evaluate their ability to respond to and plan for attacks– making it crucial to transition to a zero trust architecture.

Cyber resilience requires greater prioritization and urgency from leadership 
Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organizational leadership as a key friction point. Respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach, but only a minority (39%) believe it is one of their leaders’ ‘top priorities’. This prioritization is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49%) agreeing that the level of investment doesn’t meet the escalating need. From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust.

It is also evidenced by the lack of cyber resilience involvement from leadership. For most organizations, the burden of cyber resilience planning falls to IT leaders and their teams. Fewer than half (44%) of IT leaders say they have the CISO, for example, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 36% of IT leaders say their cyber resilience strategy is included within their organization’s overall resilience strategy.

“The possibility of a major failure scenario for organizations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. Proactive resilience is essential to address incidents before they threaten business continuity. Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks.  We call this becoming ‘Resilient by Design’.”

Prevention is overprioritized compared to response & recovery
The majority (60%) of IT leaders believe their organization overly prioritizes prevention – with splits showing that over two fifths (43%) of cyber security strategies and budgets are focused on prevention, at the expense of response or recovery. This suggests that most organizations are not prepared for what would happen if a failure occurred and would struggle to recover business operations as quickly as needed. Even among those organizations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyberattacks and mitigate further damage: risk hunting (44%), Zero Trust micro segmentation (42%,) and deception technologies (35%).

“With the growing threat landscape including AI-based attacks and continued pressure to digitize not likely to abate any time soon, our attack surfaces are still expanding beyond our control. A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble even in the wake of a successful attack, that can be remediated faster”, said James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Therefore organizations need to transform their network and security architecture and adopt a zero trust ‘Resilient by Design’ approach to weather the dangers of a digital future.”

A Zero Trust architecture enables a ‘Resilient by Design’ approach
To mitigate cyber resilience risk, organizations should embed visibility and control into their security strategy. Understanding failure scenarios more quickly and thoroughly based on the insights from an AI-powered cloud security platform to mitigate the blast radius of an incident strengthens the resilience posture. This outcome is what Zscaler enables with a ‘Resilient by Design’ approach. Because cyber threats evolve and advance so quickly, Zscaler leverages AI to dynamically adjust access based on changing risk. The Zscaler Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:

• Minimize the attack surface
• Prevent initial compromise
• Eliminate lateral movement
• Stop data loss

The full survey report  ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ can be downloaded via this link.

Zscaler Cyber Resilience Report Methodology
In December 2024, Zscaler commissioned Sapio Research to conduct a survey of 1,700 IT decision makers (IT leaders) across 12 markets (Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, Spain, Sweden, UK & Ireland, US). These IT leaders work at companies with 500+ employees and across industries.