Ecosystems and Dependencies Endanger Enterprises

by James Tucker, Zscaler. Last updated: 22 May 2026.

From power outages that cripple parts of Southern Europe to cyberattacks that bring manufacturing facilities to a standstill for weeks: last year’s headlines have made it clear that we are living in a “when, not if” reality of failure scenarios. Cyberattacks, extreme weather, supply chain disruptions, and human error can trigger far-reaching consequences for a digital ecosystem without warning. And with that comes an uncomfortable truth: the digital backbone of modern enterprises is alarmingly fragile.

More than ever, enterprises urgently need strong cyber resilience. Rather than reacting to disruptions, security design that looks ahead to help mitigate the effects of external factors must take precedence. For organizations striving for business continuity and agility, it is no longer sufficient to merely react to disruptions. Resilience must evolve from an inward-facing defense mechanism to an externally oriented cybersecurity strategy. The supply chain takes on particular significance given today’s AI-driven dependencies on partners.

The results of the study “The Ripple Effect: A Hallmark of Resilient Cybersecurity” reveal a need for action: more than two-thirds (68 percent) of surveyed enterprises reported increasingly relying on third parties. However, fewer than half of these enterprises have updated their resilience strategy despite these dependencies. Risk control measures have likewise been implemented by fewer than 50 percent of IT decision-makers.

While investments in cyber resilience are increasing, the study results reveal a critical gap: IT decision-makers’ confidence in security reflects a sense of control over internal systems rather than actual preparation for external disruptions. Globally, a majority of IT leaders (61 percent) admitted that their resilience strategy is too inward-focused.

Effective resilience today should also account for external dependencies, such as business partners, platforms, and supply chains, to buffer external shockwaves. Through a resilience-oriented approach that extends beyond network boundaries and includes these dependencies, enterprises can better prepare for the inevitable reality of a cyberattack triggered, for example, by third parties.

Three measures to strengthen cyber resilience

Comprehensively securing the software supply chain and the entire ecosystem against multiple risks is one of the most challenging tasks for security teams, alongside considerations such as progress in AI or post-quantum cryptography. The imperative is to continuously close security gaps and extend the resilience approach outward. This includes prioritizing transparency across all data flows and dependencies and anchoring proactive risk analysis in cyber resilience strategies.

Beyond internal systems, external factors that influence operational risk must also be given greater consideration. This includes tracking data flows across external partners and the entire supply chain and checking them for attack vectors. To achieve this, security teams should pursue the following measures:

Architectural adjustments: Agility is the key to higher security, and flexible architectures are required to respond quickly to changes in the external threat landscape. A platform approach simplifies this rapid adaptation, as any network complexity is the enemy of agility. Decoupling security from network infrastructure is essential to adapt at unrestricted speed.

Transparency and proactive risk management: A shift from reactive threat analysis to proactive risk analysis is another cornerstone of higher resilience. Comprehensive visibility into all data flows to all destinations is required, covering not only internal systems but also external business partners across the entire supply chain. With this insight, overprivileged data access by third parties or AI agents can be prevented.

Continuous expansion through interoperability: With a robust, platform-based architecture, future-proofing becomes an ongoing process. Whenever new partnerships or dependencies are created, identity-based security can be extended. For example, securing agent-based AI in supply chains builds on existing DLP measures and data classification by criticality. When AI agents receive their own identity with defined and limited access rights via a security platform, similar to an employee, data loss and attacks through overprivileged access can be mitigated.

When updating their resilience strategies, however, enterprises still face the hurdle of their conventional security architectures. In the study, 81 percent of surveyed decision-makers stated they still rely on legacy systems to a critical or moderate degree. A further 64 percent of decision-makers believe that their current infrastructure hinders an effective response to disruptions. Equally alarming, at 59 percent, is the share of enterprises whose security architecture cannot keep pace with changes in their business operations. To ensure true resilience, enterprises must conduct external stress tests to uncover hidden risks, for example by simulating supplier dependencies.

The ecosystem as the focus of resilience

Ultimately, in a third-party ecosystem economy, an enterprise’s cyber resilience is only as strong as the ecosystem on which it depends. If security teams do not develop control mechanisms for suppliers, contractors, and shared platforms and continuously verify their effectiveness, a security incident in the supply chain can lead to catastrophic failure in their own operations. Higher connectivity and networking mean more complexity, more moving parts, and ultimately less flexibility and resilience. In short: diversification without control means higher risk, which must be considered in enterprise resilience strategies to effectively prevent outages.

About the author: James Tucker is CISO at Zscaler.

The authors are responsible for the content and accuracy of their contributions. The views expressed reflect the authors’ perspectives.

ComputerWeekly.de
