New research into CISO challenges points to hybrid infrastructure and AI innovation to address emerging threats and compliance requirements
Trellix announced a new report, Mind of the CISO: The Future of Cyber Resilience, which finds a shift toward hybrid infrastructure as the foundation of modern resilience against cyber threats. With an escalation in advanced threats targeting critical industries this year, increasingly targeting the OT/IT boundary, it’s no surprise 96% of CISOs agree OT/IT security convergence is essential, yet only 40% plan to invest in this area over the next 12 months as part of their hybrid infrastructure strategies.
“OT and IT security convergence is highly complex due to differing priorities, risk profiles, and operational needs,” said Michael Green, CISO, Trellix. “Success requires CISOs to be intentional: 1) develop a strategic approach for the unique integration challenges, and 2) secure leadership alignment and buy-in. While not an easy undertaking, when done correctly, true OT-IT convergence can significantly improve an organization’s cyber resilience.”
Mind of the CISO: The Future of Cyber Resilience reveals insights from over 500 CISOs worldwide on the cyber resilience architecture needed to navigate regulations, compliance, and the evolving threat landscape. Hybrid infrastructure emerges as the cornerstone of CISOs’ security strategies, alongside the convergence of OT and IT security for better risk management, and the role of intelligent defense to stay ahead of AI-powered threats. Key findings include:
Hybrid infrastructure as the foundation of modern resilience
- Nearly all (97%) respondents agree hybrid infrastructure provides greater resilience and risk management capabilities than relying solely on cloud or on-premises environments
- Almost all CISOs (96%) say adopting a hybrid infrastructure model is essential for meeting evolving regulatory and compliance requirements, while a similar number (97%) see it as key to managing data sovereignty and residency obligations
The convergence of OT and IT security to manage risk
- 96% agree the convergence of OT and IT security is essential for protecting critical infrastructure from emerging threats
- 88% agree the convergence of OT and IT security exposes new challenges many organizations are not yet prepared to address
Emerging threats and the need for intelligent defense
- Ransomware and extortion (89%), agentic AI and autonomous cyberattacks (88%), and targeted attacks on OT and infrastructure (87%) are all seen as areas where defenses must evolve
- 94% agree emerging threats are forcing them to rethink and reprioritize their cybersecurity and infrastructure strategy, and nearly half of CISOs (47%) say they are completely confident AI-powered security tools can effectively defend against autonomous, AI-driven cyberattacks
“Adopting a strong cyber resilience strategy is not a nice-to-have; it’s a necessity,” said Roy Luongo, former CISO, U.S. Secret Service. “CISOs are constantly faced with new and evolving threats, and AI is propelling this evolution. You need a strategy in place with the right ingredients to ensure your organization can withstand and recover from advanced attacks, and in today’s threat environment, hybrid infrastructure and AI-enabled defense should be core components in your strategy.”
Despite challenges, CISOs are moving toward a hybrid infrastructure strategy for better resilience, business continuity, cybersecurity, and supply-chain integrity. Success requires organizational support, including stronger leadership alignment (especially for OT-IT security convergence), increased investment in security talent and AI defense tools, and clear governance. Policymakers must reflect the shift to hybrid models in cybersecurity policy and funding, investing holistically to ensure government agencies get the full benefits of hybrid environments. Additionally, to address the rise in AI-powered threats, policymakers should prioritize AI threat defense solutions to build resilience.