Architecting Cyber Resilience for an Era of Disruption


For cybersecurity leaders, particularly those working with defense, intelligence, and critical infrastructure, the definition of “cyber resilience” is undergoing a forced evolution. It is no longer a theoretical concept centered on withstanding a single blow. Today, resilience is the urgent, practical capacity to sustain operations amidst a relentless barrage of cyberattacks where the primary goal is both theft and disruption.

This shift in adversary strategy changes everything. In boardrooms across Europe, the dialogue has pivoted. The familiar query, “Are we protected?”, now yields to more urgent anxieties, sharpened by directives like NIS2 and the upcoming UK Cybersecurity and Resilience Bill [1]: “Can we recover?” “How severe will the disruption be?” “How quickly can our services resume?” Answering these questions requires a new defensive playbook, one built for an era where artificial intelligence (AI) is used as both a formidable weapon and an indispensable instrument of our own resilience.

A Focus on Disruption

From our vantage point, we’ve seen a dramatic shift in adversary behavior. In responding to incidents globally, we’ve observed that 86% of cases now involve a deliberate attempt to disrupt a victim’s core operations. Attackers are innovating relentlessly, using AI and automation to achieve a speed and scale that fundamentally challenge our traditional defensive postures.

The numbers paint a stark picture. Our research shows that attackers can now exfiltrate data from a compromised network in under a single hour in many cases. They are armed with an ever-expanding arsenal, with nearly 9 million new, unique threats discovered daily. This increase in volume and velocity compresses our window to respond from days to minutes.

The Defender’s Dilemma: A Fractured Defense and an AI Paradox

Unfortunately, our traditional response to this complexity has often been to add more tools. It’s common for a single security organization to manage 50, sometimes up to 100, different point products. This tool sprawl, far from solving the problem, has become a strategic vulnerability, creating blind spots that overwhelm our security operations centers (SOCs). We know that, in nearly every breach, the signals of an attack were present but were missed because the critical data was siloed in a separate tool or lost in a sea of untriaged alerts.

Compounding this challenge is the emergence of the AI paradox: The engines we are deploying for defense have become a new and critical attack surface. Adversaries now target the AI models themselves, using prompt injections to manipulate model behavior in attempts to exfiltrate data from conversational interfaces and to exploit overpermissioned AI agents to move laterally. This means our human-centric SOC is both overwhelmed by a fractured defense and ill-equipped to secure the complex logic, memory, and data access patterns that these new AI systems depend on.

The Future of Resilience: From Shifting Left to a Unified Platform

Answering this threat demands transformation, not incremental improvement. The first step is a commitment to “shifting left,” building security into the beginning of our application development and infrastructure processes.

The ultimate solution lies in changing our architectural philosophy. The path forward is through platformization. I don’t mean simple vendor consolidation; I mean adopting an integrated platform that unifies security across the entire enterprise — from the network and endpoints to the cloud and the SOC itself. 

A platform approach provides three critical advantages for this new era:

  1. Complete, unified visibility: By ingesting data from every source into a single, normalized data lake, a platform eliminates the blind spots created by siloed tools. It gives defenders the comprehensive visibility needed to see the faint signals of a sophisticated, disruptive attack.
  2. AI-powered automation: The only way to fight machine-speed attacks is with machine-speed defense. A platform applies AI and machine learning across a complete dataset, enabling the automation of threat detection, triage, and response at a speed that humans alone cannot achieve.
  3. Simplified operations and enhanced resilience: By unifying your security architecture, you reduce operational complexity, free up your talented security professionals to focus on high-value tasks like threat hunting, and build a more resilient posture that can withstand and recover from disruptive attacks.

Defending against this new era of disruption is a significant challenge, but it is solvable. By shifting our mindset from buying more tools to building a unified, intelligent platform, we can meet the threat of AI-driven adversaries and architect a more secure future for our organizations.

Curious about what else Scott has to say? Check out his full keynote address: “Achieving Cyber Resilience in an Uncertain World by Palo Alto Networks.”


[1] Cyber security and resilience policy statement. UK.gov. April 2025.
