Across many industries, including critical infrastructure, fundamental resilience measures are still missing. This is not just a theoretical concern. It is a real operational risk. During recent engagements, we have seen organizations responsible for essential services operating without a formal incident response plan or a dedicated response team. When organizations responsible for services such as water utilities, energy production, or manufacturing lack these capabilities, the implications extend far beyond IT. It becomes a matter of public safety and operational continuity. Unfortunately, these situations are not rare. Many critical infrastructure operators remain underprepared for the reality of modern cyber threats.
This gap reflects a broader truth that security leaders increasingly acknowledge. Cyberattacks are no longer a question of possibility. They are inevitable. The real question is how quickly an organization can detect, contain, and recover from an attack. In this environment, recovery speed becomes one of the most important security metrics.
Small and midmarket organizations often face the biggest challenges in this area. They may lack the internal resources, specialized expertise, or 24/7 monitoring capabilities required to respond effectively to modern threats. At the same time, these organizations are increasingly targeted by attackers. Many are connected to larger ecosystems and supply chains, making them attractive entry points for cybercriminals seeking to reach larger targets.
Beyond the limited focus on cyber resilience, several other important themes emerged during RSA Conference 2025.
One encouraging development was the growing number of conversations around identity and access management. Organizations are increasingly asking critical questions about how to protect identities and manage third-party risk. Identity is rapidly becoming the new security perimeter.
Strong identity governance does far more than control access. It plays a crucial role in limiting the spread of attacks and containing breaches. Without effective identity management, recovery becomes significantly more complex and time-consuming.
Artificial intelligence dominated the security conversation at RSAC. However, despite the excitement, practical guidance remained limited. Many discussions focused on emerging ideas such as autonomous security agents designed to reduce alert fatigue by triaging events in real time.
While the potential of AI in cybersecurity is significant, organizations are still looking for practical frameworks for implementation, governance, and security. At Cegeka, we see strong demand for clear roadmaps that translate AI innovation into operational security outcomes. Organizations need more than concepts. They need concrete approaches that integrate AI into their security operations in a controlled and effective way.
Another important milestone highlighted during the conference was the fifteenth anniversary of the Zero Trust model introduced by John Kindervag. Over the past decade and a half, Zero Trust has become a widely adopted framework in cybersecurity strategies.
Despite strong commitment to the principles, many organizations are still implementing Zero Trust only partially. Deployments often remain limited to specific segments of the IT environment rather than extending across the full ecosystem of IT, operational technology, and cloud environments.
Partial implementation creates a false sense of security. A fragmented Zero Trust strategy leaves gaps that attackers can exploit. Achieving meaningful protection requires a holistic approach that covers identities, endpoints, networks, and applications across the entire organization.
For many organizations, particularly in the midmarket, the biggest challenge is the shortage of cybersecurity expertise. Building a fully staffed internal security operations capability is difficult and expensive. As a result, many organizations struggle to monitor threats around the clock or respond rapidly when incidents occur.
A managed Security Operations Center model offers a practical way to close this gap. With continuous monitoring, threat detection, and incident response capabilities, organizations gain access to specialized expertise without the complexity of building their own SOC from scratch.
To support the growing demand for cyber resilience, Cegeka has expanded its global SOC network with a new facility in Buffalo. This new center complements Cegeka’s established SOC operations in Belgium and Romania.
The Buffalo SOC follows the same proven operating model used across Cegeka’s global network. It is built on a shared technology stack, standardized playbooks, and mirrored runbooks that ensure consistent service delivery across regions.
The facility also incorporates advanced physical security controls, including biometric access and a dedicated data center environment. Security analysts operating from the new center completed an extensive training program at Cegeka’s primary SOC in Belgium, ensuring alignment with the company’s global operational standards and threat response procedures.
This expansion strengthens Cegeka’s ability to deliver continuous monitoring, rapid incident response, and resilience-focused security services for customers across Europe and North America.
RSA Conference 2025 once again demonstrated the rapid pace of innovation in cybersecurity. However, as threats continue to evolve, cyber resilience must become a central pillar of every security strategy.
Organizations of all sizes need to prioritize strong incident response planning, recovery capabilities, and continuous monitoring. Managed security services delivered through a modern SOC model provide a practical way to strengthen these capabilities while addressing the ongoing shortage of cybersecurity talent.
Ultimately, cyber resilience is not only a technical challenge. It is a business imperative. Security leaders must bring resilience discussions into the boardroom and position them as a core element of enterprise risk management.
The true measure of cybersecurity success is not simply the ability to prevent attacks. It is the ability to recover quickly, maintain operations, and protect stakeholder trust when incidents occur. Organizations that prioritize resilience will be better positioned to withstand the evolving threat landscape. Those that do not risk operational disruption, financial loss, and reputational damage.
The time to act is now.