Summary Bullets:

• In a survey of 2,286 technology and security-focused executives, Accenture reports that only 34% have a mature cybersecurity strategy.
• Just 20% say they are confident in their ability to protect their generative AI (GenAI) models from a breach.

Artificial intelligence (AI) presents as a double-edged sword for many enterprises. The technology has the potential to revolutionize business processes and drive further innovation but is protecting the model from advancing threats that could compromise the integrity of data output. This is a daunting challenge that few organizations have a handle on today. Add threat actors harnessing AI for their own nefarious purposes to the mix, and the situation becomes much more daunting for the enterprise.

Summary Bullets:

• IT security teams contend with managing dozens of individual security solutions, often with less than stellar results.

• In a recent study conducted by IBM and Palo Alto Networks, 52% of the surveyed executives call out complexity as being the biggest obstacle to effective security.

Cybersecurity has never been a simple exercise. As enterprises have evolved to become distributed and virtual, the perimeter has faded, and IT has had to find new ways to protect enterprise assets. The move to hybrid and remote operations in recent years has only complicated this further. Add budget pressure and limited internal security expertise, and the pressure becomes that much more intense.

Summary Bullets:

• In its report on the outlook for cybersecurity in 2025, the World Economic Forum observed enterprises are contending with a daunting threat environment while simultaneously trying to cover gaps in their internal security skill sets.

• Based on a survey of 321 security professionals and more in-depth interviews with 43 CISOs, the research highlighted discrepancies in the level of confidence in their cyber resilience by organizational size.

Findings from the World Economic Forum (WEF)’s Global Security Outlook Report 2025, conducted in partnership with Accenture, underscores the challenges enterprises and smaller organizations are facing amid global turmoil, relentless threat actors, and fast-evolving technology innovation. The results of the WEF survey of security professionals in 57 countries also show major differences in organizations based on size. Thirty-five percent (35%) of small organizations are concerned that their cyber resilience is lacking, seven times more than in 2022. Large enterprises report the opposite, with half as many saying their cyber resilience was unsatisfactory.

Summary Bullets:

• In a published blog, Lumen says its Black Lotus Labs has identified an active exploitation of a zero-day vulnerability in its Versa Director servers, which orchestrate its SD-WAN network services.

• Though the company, attributing the attack to threat actors Volt Typhoon backed by China, didn’t specify which of its clients would have been affected, others suggest the attack may have penetrated the infrastructure supporting sensitive government wiretapping communications.

Reports circulated this summer that state-sponsored cybercriminals connected to China hacked into US federal government resources via major telecom providers’ networks. Last week, it was revealed by several journalism sources including the Wall Street Journal that the target of the activity was federal government communications related to court-ordered network wiretapping applications that the hackers accessed through AT&T, Lumen, and Verizon’s networks. Though no one with direct knowledge of the situation was named, anonymous sources say the threat actors could have been tapped into the networks months ago.

Summary Bullets:

• A recent RiskRecon study of 1,454 serious ransomware cases finds that healthcare provider organizations account for more than 18% of these incidents, by far the most targeted sector.

• Geography was not a factor with healthcare providers under fire around the globe.

As an industry, healthcare is not exactly known as information technology-forward. The sector lags other verticals in IT adoption and innovation outside of medical technology, extending to cybersecurity where gaps in controls have rendered healthcare institutions vulnerable to ransomware and other types of attacks. Recently published research from risk management provider RiskRecon bears this out, showing that more than any other segment, healthcare providers are targeted in what the company terms “destructive ransomware events” in which the compromised institution’s operations are disrupted because of encryption of essential systems. The study, examining 1,454 destructive ransomware events that have occurred between 2016 and 2023, find that even if an organization has an excellent security posture itself, if there are any vulnerabilities in its supply chain, then it could be successfully targeted.

Summary Bullets:

• In a survey of more than 1,000 large industrial organizations, Cisco finds that 89% of all organizations label OT cybersecurity as either very or extremely important.

• Eighty-seven percent (87%) say that they will have a unified cybersecurity approach by 2026 for information technology (IT) and operational technology (OT) networks.

A rash of high-profile cyberattacks on industrial organizations is driving a renewed understanding of the criticality of having an effective security strategy. In its survey of decision makers from 1,000 large organizations, Cisco notes that the overwhelming majority label cybersecurity as a top priority. Many – 37% – see cybersecurity risks as a barrier to growth. Forty percent (40%) worry about the scarcity of skilled workers stalling expansion plans.