HCLTech’s recent Global Cyber Resilience Study 2024-25 reveals that over half of security leaders (57%) experienced a cyberattack in the past year, with North America (64%) and sectors such as Life Sciences and Healthcare (62%) particularly hard-hit. Attackers employed tactics like cloud malware injections and API vulnerabilities, complicating recovery efforts. Nearly three-quarters of leaders reported significant challenges in returning to normal operations, especially in the Telecom, Media and Entertainment sectors.
In a recent interview with HCLTech Trends and Insights, Amit Jain, Executive Vice President and Global Head of Cybersecurity at HCLTech, emphasized the necessity for a strategic approach to cybersecurity. “It’s not a question of if they faced an attack; it’s a question of when they will face an attack,” he said. While 57% have identified attacks, Jain suggests that nearly all organizations are likely to experience some form of cyber intrusion.
This inevitability highlights the need for organizations to evaluate the risks associated with their digital strategies. “As organizations embrace digital transformation, many are unwittingly increasing their vulnerabilities,” warned Jain, stressing the importance of understanding how new technologies affect security. He noted that APIs, essential to many digital initiatives, have become the “largest source of vulnerability.”
Addressing cybersecurity challenges
Global conflicts, economic pressures and emerging technologies like GenAI are creating new vulnerabilities, increasing the likelihood of cyberattacks. Security leaders face additional challenges from evolving industry regulations and the sweeping digital transformations affecting various sectors, and 81% expect further attacks in the next 12 months, with AI-generated threats emerging as a growing concern.
For CISOs, the way forward involves enhancing visibility and response capabilities, using automation together with incident response and recovery capabilities to recover more quickly, and ensuring compliance with escalating regulatory demands. Addressing skill gaps, collaborating with trusted providers and aligning cybersecurity investments with digital transformation objectives are crucial for maintaining resilience in this dynamic landscape.
Jain highlighted several strategic priorities organizations must adopt to bolster their cybersecurity posture, especially considering the increasing influence of geopolitical factors on the cybersecurity ecosystem. “When it comes to cyberattacks, we have to look at the geopolitical equation as well,” he stated, referencing conflicts and elections that can serve as catalysts for cyber disruptions.
Moreover, he discussed the increase in zero-day vulnerabilities over the past year, stating, “There’s never a reduction in zero-day threats. Organizations must maintain a dynamic cybersecurity posture and never take anything for granted.”
Bridging the business-IT gap
A common challenge many organizations face is the disconnect between business teams and IT departments. According to the HCLTech report, 66% of leaders noted a significant gap in this area. Jain suggested that while it may be difficult to fully bridge this gap, organizations should strive to cultivate a “security first culture.” This approach involves embedding security considerations into every aspect of business operations, from the C-suite to frontline employees.
“Organizations need to think about security at the beginning of every project, not as an afterthought. When organizations align their security goals with business objectives, they create a more resilient structure,” he added. This cultural shift is essential for ensuring that security initiatives receive the necessary support and funding.
Every organization should invest in understanding its internal capabilities and the external threats it faces. “It’s about keeping your posture dynamic,” he asserted, underlining the necessity for organizations to be vigilant and adaptable in their cybersecurity efforts.
Budgeting for cybersecurity
With many organizations facing heightened cybersecurity risks, Jain noted that budgets for cybersecurity initiatives are beginning to increase. More than 60% of leaders are planning to invest more in cybersecurity soon. However, Jain warned that organizations must approach their budgets strategically, focusing on reducing waste and increasing efficiency.
“Organizations need to save to invest. By automating routine tasks, organizations can free up resources to focus on higher-level strategic initiatives,” he emphasized, advocating for a more calculated, risk-based approach to cybersecurity spending. He suggested that organizations leverage automation and artificial intelligence (AI) to enhance security measures and drive operational efficiency.
Overall, Jain advised organizations to reassess their maturity scores, noting that “boards don’t always understand maturity scores.” Instead, he encouraged a focus on defining security needs based on practical risks and operational realities. “It’s about understanding what is truly important for the organization and its stakeholders,” he stated.
The role of Managed Security Service Providers (MSSPs)
As organizations evaluate their cybersecurity needs, Jain highlighted the importance of considering MSSPs and advised organizations to assess what capabilities they should retain in-house versus what can be outsourced. “Building cybersecurity is a capability in itself,” he noted, suggesting that organizations typically retain strategy and architecture while outsourcing execution and operational capabilities.
“Leveraging external expertise can significantly enhance your security posture,” explains Jain. “MSSPs bring valuable threat intelligence and industry experience, which can be a game-changer for organizations trying to navigate the threat landscape.” He suggested organizations seek out partners that can complement their internal capabilities while allowing them to maintain control over critical business aspects.
The future roadmap
Cybersecurity is a critical topic of discussion across all sectors, with growing expectations for both security and non-security organizations to adopt a “cyber-first” culture. Jain predicts continued investment in cybersecurity, along with an increasing emphasis on automation to address challenges, particularly given the ongoing talent shortage in the field.
He advises organizations to adopt a holistic approach to cybersecurity, saying they should “look at pretty holistically, not just the internal side of the IT, but the external side as well.” He suggests that companies consider factors like “partners, cloud and AI” to determine the right controls, solutions and capabilities to build.
Concluding with optimism, Jain remarks, “It’s exciting times. Cybersecurity is one of the fastest growing areas in the market today,” and he remains focused on helping clients enhance their security posture and inspire confidence in their business.