
Is your business strategy resilient by design?

Justin Brooks at Zscaler explains why organisations need to invest in cyber-resilience strategies that are prepared for failures, including power outages and successful cyber-attacks

 

For the last few years, business leaders have been grappling with significant economic and geopolitical challenges, and 2025 doesn’t look like it will offer any relief in this regard. The cost of living is rising, inflation is climbing, and political tensions are affecting trade agreements across the globe.

 

While it’s understandable for those at the top to focus on these external threats, leadership teams risk overlooking internal issues if their organisation’s cyber-resilience strategy isn’t up to par.

 

Despite the considerable efforts of IT and security teams in protecting against cyber-attacks and operational volatility, the new reality is that every organisation will inevitably face a failure scenario in the not-too-distant future—be it a cyber-breach, power outage, or worse.

 

Facing this, it’s crucial for business leaders to invest in a cyber-resilience strategy that is prepared for such failure, limiting any future blast radius as much as possible and ensuring the organisation is set up in advance for swift and efficient damage control, rather than scrambling in reactive mode.

 

Executive ownership—not just IT’s attention

In December 2024, Zscaler conducted a cross-industry survey of 1,700 IT leaders in 12 global markets to uncover the state of cyber-resilience within today’s organisations. Highlighting a worrying gap between cyber-resilience confidence levels and the effectiveness of current security approaches, the research revealed a lack of investment from organisational leadership as one of the chief contributing factors.

 

While respondents understood the growing importance of a robust cyber-resilience approach, only 39% felt it was a top priority for their leadership team. This was backed up by almost half (49%) agreeing that the level of financial investment in cyber-resilience doesn’t meet the escalating need, and by only 36% saying their cyber-resilience strategy is included within their organisation’s overall resilience strategy. 

 

This neglect isn’t due to a lack of evidence. The research warned that almost two-thirds (60%) of IT leaders expect their organisation to experience a significant failure scenario within the next twelve months, and 45% had already experienced one in the past six months.

 

And yet, despite acknowledgement from the wider cyber-security community of the growing threat of AI-based cyber-attacks, only 45% of IT leaders say that their cyber-resilience strategy is up to date with the rise in this technology. To make matters worse, two-fifths (40%) of respondents also admitted to not having reviewed their cyber-resilience strategy in the last six months.

 

Without board-level support and understanding of the potential impact of a weak cyber-resilience strategy, IT teams are always going to be on the back foot. Greater investment is needed to ensure that teams can hunt for threats across all the evolving vulnerabilities within their organisation and build a sustained, proactive cyber-resilience strategy that aligns with the wider business strategy.

 

Any cyber-resilience strategy that operates in a silo isn’t going to be fit for purpose, and may result in a failure scenario lasting longer because business-essential technology isn’t prioritised within the legacy resilience strategy.

 

Adopt a ‘Resilient by Design’ approach

To mitigate growing cyber-resilience risk, leadership teams must invest in embedding visibility and control into their security solutions’ very fabric. This is enabled through an approach we call ‘Resilient by Design,’ which starts by moving to a modern zero trust architecture. 

 

This approach removes IT and cyber-security complexity for IT teams, which is the main barrier to enhancing cyber-resilience. It eliminates traditional security dependencies such as firewalls and VPNs to reduce the organisation’s attack surface, while streamlining operations and cutting infrastructure costs. And it allows IT teams to focus on strategic initiatives rather than maintaining outdated security controls.

 

However, a ‘Resilient by Design’ approach isn’t just about supporting IT to reduce technological complexity. It is also about building a proactive leadership mindset around failure.

 

No matter how many safeguards your IT team has in place, as leadership you must instigate regular disaster recovery exercises at least twice a year. These ensure that all parties understand their roles and responsibilities in a crisis and are aware of the communication protocols, reducing failure time to a minimum. The exercises will identify any confusion and shortcomings, so they can be ironed out ahead of a real incident.

 

By partnering with IT teams to plan for failure, leadership teams can better equip their IT functions to take immediate action: understanding exactly what the failure scenario is and where it is, and then having supportive tech solutions already in place to stop it in its tracks before it becomes a full-scale incident.

 

Prioritising cyber-resilience

In today’s business environment, leadership teams must prioritise cyber-resilience, ensuring it is adequately funded and integrated across all elements of the organisation.

 

The ‘Resilient by Design’ architecture enables businesses to move beyond the traditional detect-and-respond approach to threats, arming IT teams with the necessary tools for swift containment, effective response, and minimal disruption during failure scenarios.

 

Organisations that adopt this principle will find themselves better able to withstand adversity, adapt operations, and confidently navigate challenges, ready to thrive in any situation. For business leaders, that represents a significant competitive advantage. 

 


 

Justin Brooks is VP UK & Ireland at Zscaler

 

Main image courtesy of iStockPhoto.com ArtemisDiana



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543