In a world of AI disruptions, quantum threats, and evolving supply chain risks, cybersecurity leaders share why business alignment, cultural shifts, and constant preparedness—not just technology—are the real pillars of cyber resilience.
In today’s hyper-connected, digitally transformed world, cyber resilience isn’t a luxury—it’s a survival imperative. The complexity of modern threats, fueled by advancements in AI, quantum computing, and ever-expanding supply chains, demands a mindset shift: cybersecurity must no longer be treated as an IT silo but embedded across all business functions.
At a recent deep-dive panel led by Bharat Raigangar, Board Advisor, 1CxO, vCISO Cyber Security Mentor, leading cybersecurity and business experts gathered to unpack the layers of what real cyber resilience entails today—and why businesses must evolve faster than ever to protect themselves, their customers, and their reputations.
The Business Value of AI: Cutting Through the Hype
Opening the discussion, Manish Agarwal, CISO & CIO, MH Enterprises LLC. emphasized a reality often missed in boardrooms intoxicated by the allure of new technologies: AI must serve clear business purposes, not become a vanity project.
“AI is the buzzword today, but every use case must deliver real value to the business—it cannot be adopted just for the sake of it,” he stated bluntly.
“Cyber resilience is not just about technology; it’s about creating a culture of proactive defense and continuous improvement.”
Drawing from his experience leading digital transformation at MH Enterprises, Manish explained how AI and RPA helped automate order management processes that previously consumed thousands of man-hours. “We used to have 40 to 50 people manually punching in data—brands, SKUs, pack sizes, pricing variances per customer. It was tedious and prone to errors. Today, AI processes these variations autonomously, freeing human talent for strategic work,” he elaborated.
The outcome wasn’t just efficiency—it was resilience. When floods, political strikes, or COVID-19 disruptions hit, MH’s operations didn’t halt. Trucks kept rolling, orders kept flowing, and customer service remained uninterrupted.
However, Manish was quick to caution that automation should not become a goal in itself: “If AI or any technology does not tangibly impact business continuity, customer experience, or operational excellence, it’s a wasted investment,” he warned.
The takeaway? Technology must be a servant to business outcomes, not a master creating complexity without cause.
“Cyber resilience isn’t built overnight. It’s a daily discipline of integrating smart technology, proactive processes, and engaging people.”
– Manish Agarwal
Communicating Cyber Risks: Speaking the Language of Business
One of the most critical gaps in cybersecurity today is communication—specifically, translating technical risks into business priorities.
Manish recalled a pivotal moment from his career: “Back in 2007, when we decided to migrate emails to Google Apps, people were terrified. ‘Will Google read our confidential contracts? Will our data be safe?’ The fear was real,” he recounted.
The solution was not throwing around technical specs but reframing the conversation: “We focused on uptime guarantees, cost optimization, flexibility for remote work—things that mattered to business heads. That’s when we gained consensus.”
Similarly, today’s cybersecurity narratives must pivot: “If you tell the CFO about zero-day vulnerabilities, they might yawn. Tell them about regulatory fines, customer trust loss, and brand reputation hits—they’ll listen,” Manish advised.
Cybersecurity must move beyond fear-driven narratives and anchor itself in business value, risk management, and competitive advantage.
“Zero trust isn’t about trusting nothing, but about layering protections to limit damage if something goes wrong.”
– Sergey Belov
Securing Budgets: Prioritization is Non-Negotiable
In a world of infinite risks but finite resources, Bharat posed the million-dollar question: “How do you secure funding and support for cybersecurity initiatives that aren’t ‘immediately visible’?”
Manish responded with pragmatic clarity: “Out of ten security projects, two might get shot down—that’s the reality. Prioritization is the art we must master.”
He stressed that proposals must focus on quantifiable risk reductions and business continuity benefits: “If you can show that a DDoS mitigation project can prevent 5% potential revenue loss or a compliance solution can save millions in fines, your chances improve dramatically.”
But even the best technology implementations cannot prevent every failure. “Technology can and will fail. Therefore, we must build business resilience—not just technical resilience,” he added.
The critical tool here? Playbooks. Playbooks for email downtime, ERP failures, ransomware attacks, and supply chain disruptions must be detailed, practiced, and updated regularly. “A playbook isn’t just a document—it’s a muscle memory you build into your organization,” Manish emphasized.
“One click by an untrained employee can defeat millions spent on cybersecurity.”
– Kawther Haciane
Managing Supply Chain Risks: Trust But Verify
Cyber resilience is no longer confined within organizational perimeters. Third-party and supply chain risks have become front and center.
Addressing this challenge, Sergey Belov, Director of Information Security, Acronis Threat Research Unit offered a technical reality check: “You cannot eliminate all third-party risks. You can only minimize and control them through layered defenses.”
He cited the SolarWinds attack as a textbook example of supply chain vulnerability, where trusted software updates were weaponized to breach thousands of organizations. “In our environment, we took radical measures—build farms with no internet access, strict code reviews, and dependency management controls,” Sergey explained.
However, even stringent measures are not foolproof. “Zero trust isn’t about distrust; it’s about constantly verifying trust assumptions,” he clarified.
Moreover, regulatory frameworks are getting tougher. Bharat highlighted that regulations like the European Union’s DORA mandate suppliers to report breaches within four hours. “If your supplier fails to inform you about a breach, your entire resilience posture collapses,” Bharat warned.
Thus, resilience today must extend beyond internal systems to encompass the entire ecosystem of partners, suppliers, and service providers.
“SOC teams must proactively integrate AI for threat intent analysis, automated low-risk incident response, and proactive threat hunting.” –
Abdullah Al Barwani
Emerging Technologies: Opportunities and Threats
Abdullah Al Barwani , GM Corporate Security, Omantel brought in a strategic dimension—how emerging technologies can be both a boon and a bane for cybersecurity.
“AI, quantum computing, IoT—these innovations are inevitable. Ignoring them will not stop their adoption; it will only increase your risk,” he asserted.
He argued that organizations must embrace emerging tech proactively but responsibly. “Deploy AI in your SOCs, use ML for anomaly detection, automate low-risk responses—but never remove human oversight entirely,” Abdullah advised.
He introduced the idea of AI-driven tabletop exercises: simulated breach scenarios using AI adversaries to test response capabilities. “Tabletop exercises must evolve. They must simulate AI-powered attacks, insider threats, and supply chain compromises,” Abdullah suggested.
Equally critical is investing in data science capabilities within cybersecurity teams: “Tomorrow’s CISO must understand machine learning algorithms, data biases, and AI attack vectors—not just firewalls and encryption,” he emphasized.
The Human Factor: Culture Eats Technology for Breakfast
No matter how advanced your technology stack, the human factor remains your Achilles’ heel. Kawther Haciane, MENA Partner Consulting Digital Risk Leader, E&Y distilled it succinctly: “You can spend millions on AI and quantum-safe encryption, but a careless click on a phishing email can undo it all.”
She stressed the need for a security-first culture. “Security awareness must not be a one-time annual training—it must be woven into daily conversations, processes, and behaviors,” she said.
Drawing parallels from the Middle East, she noted: “Just as oil once drove economies, data now fuels our digital ecosystems. Protecting data is protecting national interests.”
Security must no longer be seen as an IT expense. It must be treated as an existential necessity—deeply ingrained into organizational DNA.
Talent Retention and Upskilling: Riding the AI Wave
One of the unintended consequences of AI and automation is the anxiety it creates among cybersecurity professionals: “Will AI take away my job?” Bharat raised this concern.
Manish offered a historical perspective: “When PCs became mainstream, accountants feared redundancy. Yet today, thanks to ERP and e-commerce, we have more accountants than ever before.”
The key, he said, is upskilling. “AI won’t replace cybersecurity professionals—it will replace those who refuse to learn new skills,” Manish asserted.
At MH Enterprises, talent strategies include rotational job assignments, recognition programs, sponsorship for certifications, and mentoring. “We make sure our cybersecurity talent feels valued, challenged, and continuously evolving,” he shared.
New roles will emerge—Behavioral Threat Analysts, AI Risk Managers, Quantum Security Specialists. “The landscape will change, but opportunities will expand for those who adapt,” he predicted.
Practical Framework for Cyber Resilience
As the session drew to a close, Bharat asked each speaker to summarize their approach to building lasting resilience.
Sergey said, “Multilayered defense isn’t marketing jargon—it’s survival architecture. Firewalls, monitoring, segmentation, backup systems—everything must work in harmony.”
Kawther added, “Awareness isn’t optional. If your people aren’t security-aware, no firewall can save you.”
Abdullah maintained, “Governance must evolve faster than technology adoption. Otherwise, chaos will outpace control.”
Manish added, “Resilience is built daily. Update your technologies monthly. Refresh your playbooks quarterly. Train your people continuously.”
Bharat concluded, “Change is the only constant. True resilience lies in our ability to learn faster, collaborate deeper, and recover smarter every single time.”
