Majority Of Businesses Expect A Cyber Breach In 2025

New research from cloud cybersecurity specialist Zscaler has painted a depressing business outlook of the current cyber threat landscape.

In its new survey, ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’, revealed that 60 percent of global organisations expect to experience a significant cyber failure in the next 12 months.

Zscaler surveyed 1,700 IT decision makers across 12 countries, and the findings revealed a concerning disconnect between IT leaders’ confidence in their cyber resilience and the reality of their preparedness.

Cyber concerns

Zscaler said that it’s report findings show that a fundamental shift in approach and mindset is needed – to make cyber resilience a vital part of security strategies from the start; equal in focus to prevention.

Zscaler labels this being ‘Resilient by Design’ – a strategy that equips businesses to proactively plan for failure scenarios in the face of today’s ‘when not if’ cyber threat landscape and volatile operating environment – and uplevels the position of cyber resilience within organisations accordingly.

Zscaler noted that with 60 percent of businesses anticipating a cyber breach in 2025, organisations must prioritise resilience strategies with a zero trust architecture.

Zscaler’s survey also revealed that almost half (49 percent) of IT decision makers believe their IT infrastructure is highly resilient.

Furthermore, 94 percent of IT leaders ‘believe’ their current cyber resilience measures are effective, yet ransomware attacks continue to rise and cost organisations huge amounts of money each year.

But contradicting this confidence, two-fifths (40 percent) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45 percent report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action.

Management commitment

This need to bolster cyber resilience requires buy-in from senior management, and the good news is the Zscaler survey found that respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach.

But only a minority (39 percent) believe it is one of their leaders’ ‘top priorities’. This prioritisation is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49 percent) agreeing that the level of investment doesn’t meet the escalating need.

From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust, noted Zscaler.

And for most organisations, the burden of cyber resilience planning falls to IT leaders and their teams.

Fewer than half (44 percent) of IT leaders say they have the CISO, for example, actively participating in any resilience planning.

And further evidence of cyber resilience being siloed is the fact that only 36 percent of IT leaders say their cyber resilience strategy is included within their organisation’s overall resilience strategy.

Proactive resilience

“The possibility of a major failure scenario for organisations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity.”

“Proactive resilience is essential to address incidents before they threaten business continuity,” said Chaudhry. “Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks. We call this becoming ‘Resilient by Design’.”

“With the growing threat landscape including AI-based attacks and continued pressure to digitise not likely to abate any time soon, our attack surfaces are still expanding beyond our control,” added James Tucker, head of EMEA CISOs in Residence at Zscaler.

“A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble even in the wake of a successful attack, that can be remediated faster”, said Tucker. “Therefore organisations need to transform their network and security architecture and adopt a zero trust ‘Resilient by Design’ approach to weather the dangers of a digital future.”

Zscaler said that its Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:

• Minimise the attack surface
• Prevent initial compromise
• Eliminate lateral movement
• Stop data loss