Bhavya Bhandari
Cybersecurity Risk Management Leader | Financial Services | ERNST AND YOUNG US LLP
About
Technology and cyber risk leader with 15+ years of experience leading large‑scale security, regulatory, and risk transformation programs for global financial services organizations. Trusted advisor to executive leadership and boards, specializing in cyber strategy, integrated GRC, and exam preparedness across global frameworks and regulations. Proven track record of building and scaling risk programs, leading complex stakeholder ecosystems, and translating regulatory and cyber risk into measurable business and resiliency outcomes.
Published content

expert panel
Critical infrastructure is where cyber risk stops being abstract. When power grids, water systems, transportation networks, hospitals or financial systems are disrupted, the fallout isn’t limited to one company’s operations or balance sheet. It can affect public safety, economic stability and trust in the systems people rely on every day.

That’s why a recent World Economic Forum survey should get leaders’ attention: 31% of global CEOs lack confidence that their country could respond effectively to a major cyberattack on critical infrastructure. But that lack of confidence may not reflect doubts about governments’ readiness alone. Many leaders may also be recognizing security gaps closer to home, from aging systems and complex vendor networks to crisis plans that haven’t been tested under real pressure. In a recent survey of senior leaders, 48% said the potential emergency they felt least prepared for was a cybersecurity crisis.

Preparedness requires much more than policy statements, compliance checklists or well-intentioned plans stored in a shared drive. Leaders across industries and nations need a clearer understanding of how decisions will be made, who will act first and how organizations, sector partners and public agencies will coordinate when minutes matter.

Members of the Senior Executive Cybersecurity Think Tank have deep expertise in enterprise cybersecurity strategies, risk management and modern security architecture. Below, seven of them share what’s driving leaders’ declining confidence in cyber resilience and what practical steps could strengthen preparedness at both organizational and national levels.

expert panel
Agentic AI systems are designed to operate autonomously to achieve a goal: interpreting objectives, selecting tools, executing multistep tasks across systems, and adapting their approach based on intermediate results. Unlike traditional software that follows fixed instructions, agentic AI can make decisions, delegate to other agents and take actions with real-world consequences, often with minimal or no human intervention at each step.

Enterprises are adopting agentic AI at a rapid pace, drawn by its ability to compress complex workflows ranging from IT operations and software development to customer service and financial processing. These automated pipelines run faster and at a greater scale than human teams alone. But that same autonomy introduces a security challenge that conventional frameworks weren’t built to handle.

Traditional access controls were designed around a simpler premise: Verify the user or system, then permit or deny the action. In agentic environments, that model breaks down. An agent may be fully credentialed and operating within approved systems yet still drift into behavior that no one explicitly authorized. That’s why intent-based security is quickly becoming a core consideration for enterprise AI adoption. For security leaders, the challenge is building controls that are strong enough to prevent harm without slowing the very automation they’re trying to enable.

Members of the Senior Executive Cybersecurity Think Tank have deep expertise in enterprise cybersecurity strategies, risk management, regulatory compliance, and modern security architecture. Below, three of them discuss why intent matters in agentic environments and which runtime signals and safeguards leaders should prioritize as autonomous systems become more deeply embedded in business operations.

expert panel
The challenge is in the name: Zero-day attacks don’t wait for a convenient moment. They arrive before there’s a known fix, before teams fully understand the blast radius and often before leaders have a clear answer to the most basic question: “What exactly is happening?” In that moment, an incident response plan becomes more than a document. It becomes a stress test of how well an organization can coordinate a solution and make critical decisions with limited information and zero warning.

That kind of pressure can expose system and human weaknesses that routine drills miss. With exploited zero-day vulnerabilities affecting enterprise technologies reaching an all-time high in 2025, leaders must act now to strengthen weak links in the response chain: approval chains that move too slowly, communication channels that break down, and assumptions about staff, systems and partner readiness that don’t hold true. The risk isn’t limited to technical disruption: A poorly handled response can affect operations, customer trust, regulatory exposure and reputation all at once.

While zero-day attacks strike without warning, that doesn’t mean organizations can’t prepare. Teams that are ready to respond aren’t built only around technical expertise. They’re trained to act decisively under uncertainty, structured to coordinate across functions and empowered to make fast, informed calls when waiting could make the situation worse.

Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security leadership. Below, three of them share what zero-day incidents reveal about incident response readiness and how organizations can build teams capable of withstanding the pressure.

expert panel
The foundational philosophy of zero trust can sound deceptively simple: Verify everyone, trust no one and keep attackers from moving freely. In practice, though, it’s not that neat. Businesses change, employees need access to new tools, cloud environments expand and attackers keep finding fresh ways to test old assumptions. New users, new systems, new attack vectors: The environment that zero trust is meant to protect keeps changing, which means it’s time to move beyond philosophies and frameworks and implement realistic, forward-thinking architectures.

The essential question is whether an organization can clearly see what’s happening across its systems, contain damage when something goes wrong, and keep operations running without forcing people to work around security controls to get their jobs done. The answer lies in shifting focus from implementation milestones to measurable outcomes: protecting the most critical assets, supporting the way people actually work, and measuring progress through outcomes rather than activity. The goal of zero trust isn’t to prove that every possible risk has been eliminated. It’s to show that an organization is becoming harder to compromise, faster to respond and easier to operate securely.

Members of the Senior Executive Cybersecurity Think Tank have years of experience and deep expertise in enterprise cybersecurity strategies, threat detection, risk management and zero-trust architecture. Below, five of them discuss how to define “good enough” zero trust progress in practical terms and the real-world signals that tell leaders they’re reducing risk, not just adding friction.