Hybrid infrastructure that includes a mix of public/private cloud environments, on-premises workloads and air-gapped systems are preferred by security leaders as a way to boost resilience and better manage risk, according to a report Thursday by Trellix.
About 96% of chief information security officers said a hybrid model is the preferred approach to meet regulatory and compliance requirements, while 97% said such a model will help meet obligations related to data sovereignty and residency.
“Ultimately, a CISO must ensure their teams, technology and business partners understand the specific shared responsibility model for each service they consume and implement the necessary controls to manage the daily risks that remain the customer’s responsibility,” Trellix CISO Michael Green told Cybersecurity Dive. “This often involves leveraging tools and governance processes designed to operate across multicloud and hybrid environments to provide consistent security posture and visibility.”
The annual Mind of the CISO report, conducted by researchers at Vanson Bourne, is based on a survey of 500 CISOs or equivalent risk/IT executives from the Americas, Europe, Middle East and Asia-Pacific.
According to the report, working under a hybrid environment should help insulate their organizations from the impact of a cyberattack or localized failure. A key goal is to maintain business continuity, and about nine of 10 CISOs currently cooperate in hybrid environments.
Another key issue for CISOs is the convergence of operational technology with information technology. About 96% of respondents to the survey said convergence of IT and OT is an essential part of protecting critical infrastructure from attack.
Despite that consensus, two of every five CISOs said their leadership lacks the understanding of how IT and OT security differ from one another.
Operational resilience and business continuity have emerged as significant concerns in 2025, as major companies have faced catastrophic attacks that led to weeks and in some cases months of disruption.
British automaker Jaguar Land Rover suffered a late-summer cyberattack that disrupted vehicle production for more than a month into mid-October. That incident had a $2.5 billion impact on the British economy, which included massive disruption of the company’s international supply chain.
Editor’s note: Updates with additional comment from Trellix.
