61% of Organizations Say Cyber Resilience Strategies Remain Too Internally Focused as External Threats Intensify

New research from Zscaler indicates that resilience strategies centered primarily on internal defenses are leaving organizations vulnerable to external disruptions stemming from cyber incidents, supply chain compromise, and geopolitical instability.

Key Findings

• 90% of organizations increased cyber resilience spending over the past 12 months, and 96% revised their resilience strategies in response to external pressures during the same period.

• Despite these efforts, only 34% consider their current resilience capabilities highly effective against supply chain volatility, while 52% say their existing security controls cannot defend against advanced threats.

• 69% of organizations report limited or no visibility into “shadow AI,” and 56% are concerned about the exposure of sensitive data.

• 57% have not yet incorporated Post-Quantum Cryptography (PQC) into their security planning, even though 60% acknowledge that data stolen today could be compromised within three to five years.

Zscaler, Inc. (NASDAQ: ZS), a leader in cloud security, has published findings from its latest global survey, The Ripple Effect: A Hallmark of Resilient Cybersecurity. Conducted by Sapio Research, the study highlights a widening gap between organizations’ perceived cyber resilience maturity and their preparedness for increasingly disruptive external risks.

While 90% of respondents report higher investment in cyber resilience over the past year, 61% concede that their strategies remain overly inward-looking, focused largely on protecting internal perimeters. This approach leaves organizations exposed to threats originating from third parties, supply chains, emerging technologies such as artificial intelligence and quantum computing, and broader market volatility.

“Disruptions can now originate far beyond an organization’s walls,” said Brian Marvin, SVP EMEA at Zscaler. “True resilience must ripple outward across dependency layers such as partners, platforms, and supply chains to absorb external shockwaves before they destabilize operations. By adopting a ‘Resilient by Design’ approach that extends beyond the walls of the enterprise, organizations can embed the capacity to withstand inevitable failure or breach scenarios.”

External Risks Outpacing Internal Defenses

Organizations are contending with a growing and interconnected risk landscape that includes sophisticated cyberattacks, increasingly complex supply chains, geopolitical uncertainty, and rapid advances in AI and quantum technologies. Nearly two-thirds (63%) of global IT leaders expect a major disruption linked to a supplier or third-party provider within the next 12 months, and 60% have already experienced such an event in the past year.

Yet fewer than half of organizations have meaningfully updated their resilience strategies to address third-party exposure or supply chain instability—areas identified as major external blind spots. Although overall confidence in resilience remains relatively high, only 34% rate their current capabilities as highly effective against supply chain volatility, a figure that drops to 30% across EMEA.

Legacy infrastructure continues to hinder progress. The survey found that 81% of organizations still depend on traditional technologies such as firewalls, VPNs, and perimeter-based security architectures. Additionally, 64% say their existing IT environments limit their ability to respond effectively to breaches, outages, and systemic failures.

AI, Quantum, and Sovereignty Pressures Increase Complexity

Emerging technologies are further testing the limits of current resilience models. More than half (52%) of IT leaders acknowledge that their security systems are not designed to counter advanced threats. The rapid uptake of agentic AI is also creating governance gaps, with 50% of organizations deploying or piloting these capabilities without comprehensive oversight frameworks.

Visibility remains a challenge, as seven in ten organizations lack insight into shadow AI usage, and 56% fear sensitive data leakage through public AI applications. At the same time, 57% have not yet accounted for Post-Quantum Cryptography within their security strategies, despite widespread recognition that encrypted data stolen today may be decrypted in the near future.

Concerns around foreign technology dependence are also shaping resilience priorities. Growing focus on data sovereignty, infrastructure control, and operational autonomy is driving action: 79% of IT leaders are assessing their reliance on foreign technology providers, and six in ten have updated their cyber resilience strategies within the past year to address evolving sovereignty requirements. Regulatory changes such as NIS2, DORA, and GDPR prompted similar updates from 60% of organizations last year.

“While it makes sense that global organizations are nervous to invest in digital transformation in this geopolitical climate, it could result in laggards being behind the curve,” noted James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Forward-thinking organizations are abandoning traditional centralized architectures and turning to distributed models with sovereignty and localization at their core to mitigate any data sovereignty concerns. These modern approaches enable granular configuration to address specific regulatory and operational requirements.”

Three Actions to Become ‘Resilient by Design’

To address escalating external threats, the report identifies three priority steps for extending cyber resilience beyond the enterprise perimeter through a “Resilient by Design” approach:

Prioritize visibility: Deploy a unified overlay platform that integrates data security, AI security, third-party risk management, and data sovereignty controls, delivering end-to-end visibility across the entire risk surface, including contractors and supply chains.

Simplify through a platform model: Separate security from network infrastructure by adopting Zero Trust principles and least-privilege access, enabling organizations to rapidly adjust data flows and business strategies as conditions evolve.

Future-proof with Zero Trust architecture: Leverage adaptable security architectures that allow new protections—such as GenAI Security and Post-Quantum Cryptography visibility—to be activated from a single management console, supporting continuous evolution as threats emerge.

The complete survey report, The Ripple Effect: A Hallmark of Resilient Cybersecurity, is available for download via the provided link.

Zscaler Cyber Resilience Report Methodology

In December 2025, Zscaler commissioned Sapio Research to survey 1,750 IT decision-makers across 14 markets: Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, Saudi Arabia, Spain, Sweden, UK & Ireland, and the United States. Respondents represented organizations with more than 500 employees across multiple industries.

____

About Zscaler

Zscaler (NASDAQ: ZS) is a pioneer and global leader in zero trust security. The world’s largest businesses, critical infrastructure organizations, and government agencies rely on Zscaler to secure users, branches, applications, data & devices, and to accelerate digital transformation initiatives. Distributed across 160+ data centers globally, the Zscaler Zero Trust Exchange™ platform combined with advanced AI combats billions of cyber threats and policy violations every day and unlocks productivity gains for modern enterprises by reducing costs and complexity.
