In the report "Mind of the CISO: The Future of Cyber Resilience," Trellix reveals that an overwhelming 97% of CISOs believe hybrid infrastructure is essential for enhancing resilience against cyber threats.
Source: The Mind of the CISO: The Future of Cyber Resilience, Trellix 2025
This shift to hybrid models—combining AI innovations with traditional security measures—comes in response to the escalating sophistication of attacks targeting critical industries, particularly at the intersection of operational technology (OT) and information technology (IT).
The report emphasises that as cyber threats become more pervasive, the need for effective risk management strategies is paramount. It highlights that 96% of CISOs agree that merging OT and IT security is vital for protecting critical infrastructure.
However, despite this consensus, only 40% plan to invest in integrating these two domains over the next year, indicating a gap between recognition and action.
“Success requires CISOs to be intentional... securely aligning leadership while developing a strategic approach for unique integration challenges is crucial,” commented Michael Green, CISO at Trellix.
Conducted with insights from over 500 CISOs worldwide, the report identifies critical areas for development. It notes that nearly nine out of ten CISOs (89%) points to ransomware and extortion as key threats, while 88% are concerned about the implications of autonomous AI-driven attacks. Furthermore, 94% agree that these emerging threats necessitate a reevaluation of their cybersecurity and infrastructure strategies.
Roy Luongo, former CISO of the U.S. Secret Service, underscores the urgency of this transformation: “Adopting a strong cyber resilience strategy is not a nice-to-have; it’s a necessity.” He stresses that in today's threat-laden environment, organisations need to bolster their capabilities with hybrid infrastructure and AI-powered defence tools as fundamental elements of their security strategies.
As organisations navigate the complexities of compliance and evolving regulatory landscapes, the report calls for policymakers to mirror this shift in cybersecurity policy and funding. It advocates for holistic investments that not only support private sector initiatives but also strengthen governmental resilience against cyber threats.
The findings underscore a pivotal moment for cybersecurity leadership, emphasising the need for meaningful investments in both technology and talent to address the challenges posed by a constantly changing threat landscape.
