David Etue

expert panel

Critical infrastructure is where cyber risk stops being abstract. When power grids, water systems, transportation networks, hospitals or financial systems are disrupted, the fallout isn’t limited to one company’s operations or balance sheet. It can affect public safety, economic stability and trust in the systems people rely on every day.That’s why a recent World Economic Forum survey should get leaders’ attention: 31% of global CEOs lack confidence that their country could respond effectively to a major cyberattack on critical infrastructure. But that lack of confidence may not reflect doubts about governments’ readiness alone. Many leaders may also be recognizing security gaps closer to home, from aging systems and complex vendor networks to crisis plans that haven’t been tested under real pressure. In a recent survey of senior leaders, 48% said the potential emergency they felt least prepared for was a cybersecurity crisis. Preparedness requires much more than policy statements, compliance checklists or well-intentioned plans stored in a shared drive. Leaders across industries and nations need a clearer understanding of how decisions will be made, who will act first and how organizations, sector partners and public agencies will coordinate when minutes matter.Members of the Senior Executive Cybersecurity Think Tank have deep expertise in enterprise cybersecurity strategies, risk management and modern security architecture. Below, seven of them share what’s driving leaders’ declining confidence in cyber resilience and what practical steps could strengthen preparedness at both organizational and national levels.

expert panel

AI agents are quickly moving from helpful assistants to active participants in business workflows, and that shift is creating a new access-control challenge for security leaders. To do their jobs well, these systems often need to interact with customer records, financial systems, employee data, proprietary information and other sensitive resources. That creates a difficult balance: The more access agents have, the more useful they may become—but the more damage they can do when something goes wrong. And that risk isn’t theoretical. A 2025 IBM report found that among organizations that experienced an AI-related breach, 97% lacked proper AI access controls, and 63% had no AI governance policies at all.Traditional access models weren’t built for autonomous tools that can act across systems, make rapid decisions and process large volumes of data in seconds. When convenience trumps safety in AI adoption, loose access can expand an organization’s attack surface before security teams can assess the risk. As AI agents become more embedded in daily operations, organizations need to think differently about identity, permissions and accountability. Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security architecture. Below, five of them share how leaders should weigh the trade-offs of AI agent access and rethink permissioning for AI-driven systems.

expert panel

The challenge is in the name: Zero-day attacks don’t wait for a convenient moment. They arrive before there’s a known fix, before teams fully understand the blast radius and often before leaders have a clear answer to the most basic question: “What exactly is happening?” In that moment, an incident response plan becomes more than a document. It becomes a stress test of how well an organization can coordinate a solution and make critical decisions with limited information and zero warning.That kind of pressure can expose system and human weaknesses that routine drills miss. With exploited zero-day vulnerabilities affecting enterprise technologies reaching an all-time high in 2025, leaders must act now to strengthen weak links in the response chain: approval chains that move too slowly, communication channels that break down, and assumptions about staff, systems and partner readiness that don’t hold true. The risk isn’t limited to technical disruption: A poorly handled response can affect operations, customer trust, regulatory exposure and reputation all at once.While zero-day attacks strike without warning, it doesn’t mean organizations can’t prepare. Teams that are ready to respond aren’t built only around technical expertise. They’re trained to act decisively under uncertainty, structured to coordinate across functions and empowered to make fast, informed calls when waiting could make the situation worse. Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security leadership. Below, three of them share what zero-day incidents reveal about incident response readiness and how organizations can build teams capable of withstanding the pressure.

expert panel

The foundational philosophy of zero trust can sound deceptively simple: Verify everyone, trust no one and keep attackers from moving freely. In practice, though, it’s not that neat. Businesses change, employees need access to new tools, cloud environments expand and attackers keep finding fresh ways to test old assumptions. New users, new systems, new attack vectors: The environment that zero trust is meant to protect keeps changing, which means it’s time to move beyond philosophies and frameworks and implement realistic, forward-thinking architectures.The essential question is whether an organization can clearly see what’s happening across its systems, contain damage when something goes wrong, and keep operations running without forcing people to work around security controls to get their jobs done. The answer lies in shifting focus from implementation milestones to measurable outcomes: protecting the most critical assets, supporting the way people actually work, and measuring progress through outcomes rather than activity. The goal of zero trust isn’t to prove that every possible risk has been eliminated. It’s to show that an organization is becoming harder to compromise, faster to respond and easier to operate securely. Members of the Senior Executive Cybersecurity Think Tank have years of experience and deep expertise in enterprise cybersecurity strategies, threat detection, risk management and zero-trust architecture. Below, five of them discuss how to define “good enough” zero trust progress in practical terms and the real-world signals that tell leaders they’re reducing risk, not just adding friction.