LW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under way
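The article examines the challenges and solutions facing cybersecurity in 2025. Although “cyber resilience” drew wide attention, resilience still fell short because AI was integrated too quickly, supply chain risk expanded, talent was scarce, and overlapping disruptions were frequent. Experts say organizations need to strengthen security controls, allocate resources better, and improve how they apply technology to counter threats.

2025-12-15 10:58:9 Author: securityboulevard.com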

By Byron V. Acohido

This is the third installment in our four-part 2025 Year-End Roundtable. In Part One, we explored how accountability got personal. In Part Two, we examined how regulatory mandates clashed with operational complexity.

Part three of a four-part series.

Now we turn to resilience. For all the boardroom talk of “cyber resilience” in 2025, cracks kept showing. AI integrations moved faster than safeguards. Supply chain exposures widened. Talent constraints deepened. And the cadence of overlapping disruptions — whether criminal, accidental, or geopolitical — only accelerated.

What our contributors shared here goes beyond incident response or continuity checklists. These are lived accounts from leaders confronting persistent fragility: the invisible dependencies, the overhyped tech, the forgotten fail-safes. They describe where resilience broke down — and what helped bend the curve back toward readiness.

Once again, we’re privileged to host a standout group of security executives, technologists, and advisors whose clarity and candor help make sense of a chaotic year.

Kara Sprague, CEO, HackerOne

Security budgets are shifting toward controls that deliver measurable risk reduction. Continuous validation becomes essential because static defense cannot keep up with threat velocity or expanding attack surface. Leaders now ask which controls survive budget cuts and which provide real exploitation insight. Exposure management moves from a theoretical model to an operational priority. The win is faster remediation based on what attackers could exploit, not what audits uncovered months later.

Pimplaskar

Innovative security solutions have often been too expensive for SMBs and critical sectors, but architectural advances now level the field. Spread spectrum concepts adapted for public cloud can split traffic, encrypt channels, and randomize pathways to limit blast radius during incidents. Situationally aware infrastructure that self heals enables resilience without specialized tools or large teams. Zero touch provisioning lets organizations enforce policy quickly and maintain continuity under stress.

Negin Aminian, Senior Manager of Cybersecurity Strategy, Menlo Security

Traditional security does not keep up with how users actually work across cloud, SaaS, and remote environments. Threat actors exploit web and browser pathways that legacy controls cannot fully see. The answer is moving protection closer to users and application access. Organizations need real visibility into user actions and risky destinations. Resilience depends on securing everyday activity at the edge instead of relying on older perimeter models that no longer apply.

Edward Wu, CEO, Dropzone AI

The cybersecurity poverty line is real and it shows up in human capacity. Large enterprises scale automation and Zero Trust while under-resourced teams face the same threats with fewer people. Multiagent AI gives smaller teams relief by taking routine triage and first-pass investigation. That time back lets them improve posture instead of firefighting. AI agents are not replacing staff. They are helping small teams breathe and raise resilience.

Aditya K. Sood, VP of Security Engineering and AI Strategy, Aryaka

Autonomous agents are about to introduce new internal and external attack paths. Prompt interference, context poisoning, and insecure APIs could turn everyday operations into vulnerable surfaces. At the same time, shadow AI and unverified automation make data exposure easier than anyone expects. Offensive AI is becoming persistent as models get cheaper and more adaptable. Staying ahead requires real AI security controls rather than assuming these systems behave safely by default.

Arjun Kudinoor, Quantum Security Advisor, Protegrity

Post quantum cryptography is moving fast at large enterprises and government agencies, but smaller organizations are not equipped for the transition. Shor’s algorithm will break today’s public key systems once large quantum computers arrive, yet the operational work of migrating is the real risk. Threading PQC through legacy systems, vendors, and automation exposes weakest link problems. NIST guidance helps, but under-resourced sectors could remain vulnerable.

, CISO, Deepwatch

Cyber risk today goes far beyond a compliance checklist. I see resilience break down when policy drifts away from how teams actually operate. As cyber conflict becomes a national security concern, fragmented mandates strain resources and slow response at the worst moments. What works are unified frameworks that reflect operational reality and help leadership act quickly. When policy creates friction instead of clarity, resilience suffers when it matters most.

Boehm

Complexity is now outpacing available talent across enterprise environments. Even large organizations struggle to maintain consistent controls across cloud, identity, network, and OT. Automation and zero trust matter because you cannot hire your way out of this. Identity based segmentation and adaptive access enforce policy where people cannot. Under resourced organizations need controls that operate at machine speed. Manual defense will not protect environments that change daily.

Asha Kalyur, VP Marketing, Zenarmor

The resilience gap widened because enterprises enabled Zero Trust automation while SMBs struggled with SASE models that demand skills they do not have. Users disable sluggish VPNs and create new attack paths. This is not only about talent. It is design. Millions of small organizations face advanced adversaries with partial security. We need architectures that deploy in minutes, enforce locally, and make resilience universal instead of dependent on enterprise scale.

Dan Petro, Senior Security Engineer, Bishop Fox

AI is now both a threat and a tool. We are already seeing attackers use generative AI to accelerate vulnerability discovery and scale their efforts. Defense teams need AI copilots to keep pace. Automation should handle the repetitive work so people can focus on what is actually exploitable. The future of testing is not more scans. It is pairing speed with human judgment to hit the risks that truly matter.

Dave Tyson, Chief Intelligence Officer, iCOUNTER

Organizations still struggle because they do not fully understand which assets matter most or how threat actors target them. Ransomware groups focus on the systems that drive revenue and operations, so resilience depends on identifying those dependencies first. Teams need threat modeling tied to business impact instead of generic controls. If you cannot connect attacks to operational consequences, you cannot prioritize defenses, and resilience becomes reactive instead of strategic.

David Bellini, CEO, CyberFOX

I see two different security worlds right now. Global enterprises can survive major incidents because they have reserves and response teams. Smaller organizations are one attack away from shutting down. The same threat actors target everyone and AI gives them scale. This is not just a small business problem. It threatens supply chains and community services. We need practical security that organizations of every size can manage and afford.

Eric Herzog, CMO, Infinidat

Enterprise resilience is falling behind because cybercriminals now target storage directly, including backups. Many teams still assume backup equals recovery, but corrupted data can be restored without detection. Modern attacks focus on primary and secondary storage, so relying on legacy approaches leaves a serious gap. Next generation data protection uses immutable snapshots, logical air gapping, and rapid recovery. Storage security becomes central, not a secondary step after perimeter defense.

Gerasimos Marketos, Chief Product Officer, Hack The Box

The resilience gap is widening as AI becomes embedded across operations faster than teams can adapt skills. Organizations with strong AI proficiency already gain advantages in defense and efficiency. The demand for expertise across cloud, IoT, and emerging domains keeps outpacing supply. Relying only on hiring will not close the gap. Upskilling, retention, and AI assisted learning become core strategies. Resilience turns into continuous training and collaboration rather than static preparedness.

Ian Amit, CEO, Gomboc AI

Accountability shifted to builders in 2025. CISOs face personal liability while engineering teams fix repeat cloud misconfigurations with limited support. The divide is automation. Large enterprises built secure defaults into pipelines and moved faster. Smaller teams struggle with noisy tools, complex IaC, and endless audits. Scanning does not create resilience if nothing gets fixed. The only sustainable path is infrastructure-level controls and deterministic automation where real work happens.

, VP of Intelligence, Flashpoint

The infostealer economy has fully industrialized the attack chain, turning initial compromise into a low cost commodity. Many incidents in 2025 traced back to credentials pulled from infostealer logs. That makes digital trust practical, not theoretical. Teams need to know exactly who can access which resources. Looking ahead to 2026, identity is the perimeter to watch, and security teams must actively hunt for compromised credentials before attackers put them to use.

Ian Pratt, Global Head of Personal Systems Security, HP Wolf Security

Cookie and token theft is becoming a primary path into enterprise systems because attackers move faster than defenses meant for passwords alone. Privileged users are at the highest risk since a single stolen browser session can open the door to catastrophic breach. Best practices like Privileged Access Workstations are unevenly deployed and not foolproof. Organizations need stronger isolation and attestation to contain compromise and protect critical administrative access.

James Plouffe, Principal Analyst, Security and Risk, Forrester

Security spending keeps rising overall, but SMB budgets have stayed flat while larger firms expand. Managed security services are used at similar rates, yet smaller businesses depend on them more and still carry more existential risk. A serious incident might mean a bad quarter for a large enterprise, but it could close a small business permanently. The long-term danger is chilling entrepreneurship in sectors already vital to economic growth.

Jeff Liford, Senior Director of Incident Response, Fenix24

Most organizations still treat resilience like backup planning, but recovery is where the real damage happens. Attackers understand business dependencies, so they target systems that matter most. The difference between recovering in days or weeks now decides revenue loss and operational credibility. Rapid restoration and validated clean data should be part of everyday preparation, not emergency improvisation. Resilience depends on business continuity decisions that get tested long before an incident.

John Wilson, Senior Fellow, Threat Research, Fortra

Enterprises are automating and building stronger defenses, while smaller businesses remain exposed to increasingly personalized attacks. AI can tailor extortion based on a victim’s personal details, financial limits, and emotional triggers, creating highly convincing threats. Well funded organizations can invest in prevention, but under resourced sectors may face targeted campaigns that cause real harm. The result is a growing divide where attackers focus on the most vulnerable and ripple effects spread outward.

Kevin E. Greene, Chief Cybersecurity Technologist, BeyondTrust

Most threat intelligence is still reactive and driven by past attacks. Adversaries share tools and tactics faster than defenders. Fragmented approaches leave organizations a step behind because intelligence does not flow across sectors at the speed of the threat. We need proactive models that combine government, industry, and critical infrastructure insights. Resilience depends on producing and sharing intelligence before attackers exploit new techniques, not only documenting what happened last time.

Nick Heddy, Chief Commercial Officer, Infinidat

Ransomware keeps proving that traditional backups are not enough when attackers corrupt primary and secondary copies. The real issue is how quickly a business can return to clean data and resume operations. Recovery time is now the deciding factor for reputation and revenue. Immutable storage and cyber-resilient architectures make recovery fast and predictable. That shift turns storage into a resilience control rather than a passive repository waiting for disaster.

Nick Mo, CEO, Ridge Security

Attackers weaponized AI at speed and scale in 2025, automating reconnaissance and exploiting continuously. Defenders are restricted by compliance while adversaries run unconstrained. Small and mid sized organizations bear the brunt because they lack operational flexibility and face the same threats as large enterprises. This imbalance becomes systemic risk. The weakest node invites deeper compromises across the ecosystem. Without matching automation and intelligence, the resilience gap may become insurmountable.

 Exabeam

Compute drain attacks could bankrupt organizations by forcing massive GPU and API usage instead of flooding networks. Shadow AI infrastructure may look like normal traffic until billing explodes. At the same time, easy development will let millions ship code with little security knowledge. Smaller organizations will feel the impact first. Resilience depends on knowing when AI workloads are being abused and how fast costs can spiral before anyone notices.

Vincent Stoffer, Field CTO, Corelight

Large enterprises invest heavily in early detection and response, while smaller organizations face the same adversaries with fewer tools and less capacity to remediate. Advanced actors target both, but consequences land harder on the under resourced. AI will fuel more attacks in 2025, yet it also gives smaller teams a chance to scale skills and automation. The gap widens, but AI enabled defense may help level the field.

Teevan

Application management has not changed much in twenty years, and that creates risk as environments grow more distributed. Modern delivery models tie access to identity instead of devices, which gives teams better visibility into versions, rollbacks, and integrity. Regulators are starting to expect that level of detail. Even smaller organizations can adopt these approaches because they sit on top of existing platforms. Stronger control becomes achievable without rebuilding the entire stack.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(Editor’s note: This feature was assembled with the assistance of ChatGPT, using human-led editorial judgment to shape, refine, and voice-check each entry.)

December 15th, 2025 | My Take | Top Stories


Source: https://securityboulevard.com/2025/12/lw-roundtable-part-3-cyber-resilience-faltered-in-2025-recalibration-now-under-way/