
Zscaler, Inc., a leader in cloud security, recently published findings from its latest global survey, The Ripple Effect: A Hallmark of Resilient Cybersecurity. Conducted by Sapio Research, the study highlighted a widening gap between what organisations perceive as their cyber resilience maturity and their preparedness for increasingly disruptive external risks.
While 90% of respondents report higher investment in cyber resilience over the past year, 61% concede that their strategies remain overly inward-looking, focused largely on protecting internal perimeters. This approach leaves organisations exposed to threats originating from third parties, supply chains, emerging technologies such as artificial intelligence and quantum computing, and broader market volatility.
“Disruptions can now originate far beyond an organisation’s walls”, said Brian Marvin, SVP EMEA at Zscaler. “True resilience must ripple outward across dependency layers such as partners, platforms, and supply chains to absorb external shockwaves before they destabilize operations. By adopting a ‘Resilient by Design’ approach that extends beyond the walls of the enterprise, organisations can embed the capacity to withstand inevitable failure or breach scenarios”.
External risks outpacing internal defences
Organisations are contending with a growing and interconnected risk landscape that includes sophisticated cyberattacks, increasingly complex supply chains, geopolitical uncertainty, and rapid advances in AI and quantum technologies. Nearly two-thirds (63%) of global IT leaders expect a major disruption linked to a supplier or third-party provider within the next 12 months, and 60% have already experienced such an event in the past year.
Yet fewer than half of organisations have meaningfully updated their resilience strategies to address third-party exposure or supply chain instability—areas identified as major external blind spots. Although overall confidence in resilience remains relatively high, only 34% rate their current capabilities as highly effective against supply chain volatility, a figure that drops to 30% across EMEA.
Legacy infrastructure continues to hinder progress. The survey found that 81% of organisations still depend on traditional technologies such as firewalls, VPNs, and perimeter-based security architectures. Additionally, 64% say their existing IT environments limit their ability to respond effectively to breaches, outages, and systemic failures.
AI, Quantum, and Sovereignty pressures increase complexity
Emerging technologies are further testing the limits of current resilience models. More than half (52%) of IT leaders acknowledge that their security systems are not designed to counter advanced threats. The rapid uptake of agentic AI is also creating governance gaps, with 50% of organisations deploying or piloting these capabilities without comprehensive oversight frameworks.
Visibility remains a challenge, as seven in ten organisations lack insight into shadow AI usage, and 56% fear sensitive data leakage through public AI applications. At the same time, 57% have not yet accounted for Post-Quantum Cryptography within their security strategies, despite widespread recognition that encrypted data stolen today may be decrypted in the near future.
Concerns around foreign technology dependence are also shaping resilience priorities. Growing focus on data sovereignty, infrastructure control, and operational autonomy is driving action: 79% of IT leaders are assessing their reliance on foreign technology providers, and six in ten have updated their cyber resilience strategies within the past year to address evolving sovereignty requirements. Regulatory changes such as NIS2, DORA, and GDPR prompted similar updates from 60% of organisations last year.
“While it makes sense that global organisations are nervous to invest in digital transformation in this geopolitical climate, it could result in laggards being behind the curve”, noted James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Forward-thinking organisations are abandoning traditional centralised architectures and turning to distributed models with sovereignty and localisation at their core to mitigate any data sovereignty concerns. These modern approaches enable granular configuration to address specific regulatory and operational requirements”.
Three actions to become ‘Resilient by design’
To address escalating external threats, the report identifies three priority steps for extending cyber resilience beyond the enterprise perimeter through a “Resilient by Design” approach:
- Prioritise visibility: Deploy a unified overlay platform that integrates data security, AI security, third-party risk management, and data sovereignty controls, delivering end-to-end visibility across the entire risk surface, including contractors and supply chains.
- Simplify through a platform model: Separate security from network infrastructure by adopting Zero Trust principles and least-privilege access, enabling organisations to rapidly adjust data flows and business strategies as conditions evolve.
- Future-proof with Zero Trust architecture: Leverage adaptable security architectures that allow new protections—such as GenAI Security and Post-Quantum Cryptography visibility—to be activated from a single management console, supporting continuous evolution as threats emerge.
Zscaler Cyber Resilience Report Methodology
In December 2025, Zscaler commissioned Sapio Research to survey 1,750 IT decision-makers across 14 markets: Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, Saudi Arabia, Spain, Sweden, UK & Ireland, and the United States. Respondents represented organisations with more than 500 employees across multiple industries.
Source: Cybersecurity Insiders