At the TED Conference in Vancouver this year, the Radical Innovators foundation brought together over 60 of the world’s leading CHROs, CIOs, and founders to discuss how emerging technologies like AI and quantum computing can enhance our lives. Despite the positive focus, the forum also addressed a more concerning topic: how these same technologies could amplify cybersecurity threats. Jeff Simon, CISO of T-Mobile, led a session on the future of security, engaging tech executives on the growing risks.
The urgency of this discussion was underscored by alarming data from Proofpoint, which showed that 94% of cloud customers faced cyberattacks monthly in 2023, with 62% suffering breaches. This illustrates the increased risk posed by emerging technologies in the wrong hands. The sentiment from attendees was clear: successful cyberattacks are now inevitable, and the traditional focus on preventing breaches is no longer sufficient.
Ajay Waghray, CIO of PG&E Corporation, emphasized a shift in mindset, suggesting that organizations must operate under the assumption that their systems are already compromised.
He proposed a new approach centered around “cyber resilience,” which goes beyond stopping breaches to maintaining business continuity and strengthening organizational resilience during and after attacks.
The concept of cyber resilience aligns with lessons learned during the pandemic, where resilience was about not just recovery, but coming back stronger. Bipul Sinha, CEO of Rubrik, a leading cyber resilience firm, believes organizations must know where sensitive data resides and evolve security policies to stay ahead of future threats. He argues that preparedness, including preemptive planning and strategic evolution after an attack, is crucial for continued business operations.
Venture capital firms like Lightspeed Venture Partners are also recognizing this shift towards cyber resilience. Co-founder Ravi Mhatre highlights the firm’s investments in companies like Rubrik, Wiz, and Arctic Wolf, which focus on advanced threat mitigation and containment. Mhatre believes that cybersecurity now requires a more dynamic approach, moving beyond the idea of a strong perimeter to embrace evolutionary thinking.
Waghray identifies four core elements of a cyber resilience strategy: planning, practice, proactive detection, and partnerships.
These components serve as essential starting points for companies looking to adopt a cyber resilience posture, ensuring they are prepared to adapt, respond, and recover from the inevitable cyber threats of the future.