Enterprise security teams are working under the assumption that disruption is constant. A global study by Trellix shows that resilience has moved from a long term goal to a structural requirement for CISOs. Infrastructure design, operational integration, and the use of AI shape how organizations prepare for ongoing pressure from threats and regulation.
Hybrid infrastructure settles in as standard practice
Hybrid infrastructure, which combines cloud, on premises, and isolated systems, has become the standard approach for continuity and risk management. Nearly all respondents agreed that this model strengthens resilience compared with relying on a single environment.
Security leaders described hybrid infrastructure as a way to maintain operations during incidents while retaining control over sensitive workloads. Business continuity emerged as the primary driver, followed by cybersecurity and supply chain stability. Workloads are distributed across environments in a balanced way, reflecting long term design decisions.
CISOs said hybrid models are essential for meeting data residency and compliance requirements. Regulatory frameworks are shaping where data is stored and processed, particularly for organizations operating across borders. Infrastructure decisions carry lasting regulatory implications, placing security leaders closer to enterprise planning discussions.
Managing hybrid systems adds strain
The study shows that hybrid environments introduce operational pressure alongside their benefits. CISOs pointed to recurring issues such as limited visibility across environments, identity management challenges, and delays in investigating threats that span multiple platforms. Integration between operational technology and IT security also remains difficult for many teams.
Despite these challenges, organizations are not reducing complexity. Investment plans for the coming year focus on strengthening security controls within hybrid environments. Cybersecurity ranked as the top investment area, followed by cloud expansion and OT and IT convergence.
OT and IT security move closer together
Operational technology plays a central role in enterprise risk. Only a minority of organizations have unified OT and IT security under one function, though most CISOs view convergence as necessary for protecting critical infrastructure.
Respondents linked convergence to practical outcomes. Improved collaboration between security, IT, and operations teams was the most cited benefit. Better visibility across environments and stronger protection against targeted attacks on industrial systems followed closely. These gains reflect a broader effort to manage digital and physical risks under shared oversight.
CISOs reported limited executive understanding of OT security requirements and recovery planning. These gaps affect how controls are applied and how incidents are handled when operational systems are involved. The findings suggest that convergence depends as much on organizational alignment as on technology.
“OT and IT security convergence is highly complex due to differing priorities, risk profiles, and operational needs,” said Michael Green, CISO, Trellix. “Success requires CISOs to be intentional: 1) develop a strategic approach for the unique integration challenges, and 2) secure leadership alignment and buy-in. While not an easy undertaking, when done correctly, true OT-IT convergence can significantly improve an organization’s cyber resilience.”
Threats accelerate with automation
Security leaders are tracking a rise in attacks that use automation and AI to adapt during execution. A large majority of CISOs described AI driven and autonomous attacks as a major risk. These threats ranked above phishing campaigns enhanced by AI, attacks on operational technology, and exploits targeting cloud environments.
This pressure is driving reassessment across security programs. Nearly all respondents said emerging threats are forcing changes to cybersecurity and infrastructure priorities. Ransomware, autonomous attacks, and infrastructure focused campaigns surfaced as areas where defenses require improvement.
CISOs pointed to visibility across hybrid environments as a requirement for detecting and containing threats earlier. Intelligence sharing, workforce development, and leadership support also ranked highly, pointing to gaps beyond tooling.
AI becomes part of daily defense work
Defenders are using AI to respond to automation on the offensive side. CISOs said they are confident AI enabled security tools can defend against autonomous attacks. On average, a quarter of security budgets is allocated to AI based capabilities.
These tools support threat analysis, intelligence collection, and incident response. Organizations operating hybrid environments reported fewer obstacles when deploying AI, particularly around integration. Cost and complexity remain common challenges, along with concerns about compliance and supply chain exposure.