Most Organizations Unprepared for External Cyber Risks and Supply Chain Disruptions

A new industry report reveals widening gaps between perceived preparedness and real-world external cyber risks.

Security

Key Takeaways:

  • Most resilience strategies still prioritize internal defenses over external ecosystem risks.
  • Heavy supplier reliance isn’t matched by updated risk controls or adequate coverage.
  • AI adoption and future threats like quantum risks are moving faster than preparedness.

More than six in ten organizations admit their cyber resilience strategies are still too internally focused, which leaves them exposed to risks that originate beyond their own walls. As external threats accelerate, this inward‑looking approach is creating a widening gap between perceived preparedness and the realities of today’s interconnected risk landscape.

According to a new report from cloud security firm Zscaler, organizations are increasingly susceptible to external shockwaves, including supply chain attacks, cybersecurity incidents, and geopolitical uncertainty. 61% of businesses admit their resilience strategies emphasize internal defense rather than external threat readiness.

Many organizations now rely heavily on third‑party providers, yet fewer than half have updated their resilience strategies to match this growing dependence. This gap has real consequences, with 60% experiencing a significant supplier‑related disruption in the past year. However, only 54% of organizations have cyber insurance that covers third‑party compromise, which leaves many exposed if a partner is breached.

AI adoption outpaces security governance

According to the report, over half of IT leaders report that their current security controls are not equipped to defend against advanced threats such as AI‑driven attacks or the future risks posed by quantum computing. At the same time, the adoption of AI tools is accelerating, but many organizations are deploying agentic AI without proper oversight, and up to 70% lack visibility into shadow AI activity. Moreover, 57% of organizations have yet to integrate Post‑Quantum Cryptography into their security strategies, even though they recognize that data stolen today could be vulnerable within just a few years.

Additionally, market instability, shifting regulatory demands, and geopolitical uncertainty are pushing organizations to adjust their resilience strategies at a rapid pace. Despite this increased attention, much of the planning remains reactive rather than proactive, which leaves many businesses struggling to keep up with evolving external pressures.

Experts also emphasize that resilience must extend beyond an organization’s internal perimeter to include all operational dependencies. True resilience means building systems that not only protect against threats but also maintain functionality even when facing supplier outages, rapid technological change, or other external disruptions.

Preparing for Post-Quantum and future threats

Organizations are encouraged to shift from inward‑focused security measures to a Resilience‑by‑Design approach that accounts for the full ecosystem of partners, platforms, and supply chain dependencies. This means reassessing resilience strategies to ensure they extend beyond internal systems, actively updating third‑party risk controls, and strengthening preparedness for external disruptions such as supplier outages or geopolitical shocks.

Lastly, organizations should modernize their security posture to keep pace with rapidly evolving technologies. This includes implementing strong governance around AI adoption, increasing visibility into shadow AI use, and preparing for future risks by integrating Post‑Quantum Cryptography into long‑term security planning.