In this episode of The Business of Cybersecurity, I’m joined by Christian Reilly, Field CTO for EMEA at Cloudflare, to unpack what real-world cyber resilience looks like across industries and what’s holding many organisations back. From legacy systems in healthcare and education to cloud-native agility in gaming and fintech, Christian explains why some sectors are better prepared for modern cyber threats and what the rest can learn from them.

We explore the power of simplicity in cybersecurity strategy, the shift toward zero trust, and the cultural importance of treating employee training as a relentless, personal mission rather than a compliance checkbox. Christian also shares sharp insights on the growing risks posed by AI and quantum computing, the need for post-quantum cryptography, and how data protection is fast becoming the cornerstone of competitive advantage.

If your boardroom still treats security as an IT issue or your workforce sees it as a blocker, this conversation will change how you think about cyber preparedness. We discuss Cloudflare’s latest research findings, the future of AI-powered SecOps, and how organisations can move from passive defence to proactive, strategic resilience.

Listen now to learn how forward-thinking businesses are simplifying their stacks, mobilising end-user education, and building security into the core of their operations rather than bolting it on after the fact.

In this episode of The Business of Cybersecurity, I speak with Trevor Dearing, Director of Critical Infrastructure at Illumio, to unpack some eye-opening truths from their latest ransomware report.

We explore why more than half of global companies still have to halt operations when ransomware strikes and why so many UK businesses remain reluctant to report incidents. Trevor shares candid insights into what is working, what is not, and why shifting focus from prevention to containment could be the real key to resilience.

He explains how modern containment tactics like advanced obfuscation and one-click ringfencing can limit damage and keep critical operations running, even when attackers break through. We also discuss why only 13 percent of companies believe their cyber resilience is strong enough and what it will take to close that gap as regulations tighten worldwide.

If you want a grounded take on how to prepare for the attacks that will inevitably come, rather than just hoping they never do, this conversation is for you.

Search Tech Talks Network for more episodes that connect cybersecurity and real-world business strategy.

When I spoke with Mark Lluic, CEO in Residence at Zscaler, on the Business of Cybersecurity podcast, we didn't spend time rehashing the basics. We looked at how leadership thinking must evolve. If your security posture is still built for light rain, what happens when a hurricane hits?

Mark has spent years helping organizations rethink security from the ground up. Instead of chasing alerts or layering new tools onto outdated systems, he advocates for a proactive, systems-first approach. One that prioritizes architecture and continuity over quick fixes.

Zero Trust Isn't Just for Remote Work

Zero Trust started as a security fix for remote access, but that's just one piece of the puzzle. Mark made a sharp observation: many companies still trust users more when they're sitting in the office. That's a dangerous assumption.

Modern Zero Trust means treating all traffic with the same level of scrutiny, regardless of its origin. Every access request should be evaluated based on its context: who is making the request, what device they're using, what they're trying to do, and whether that behavior fits a known pattern.

The Problem with the Patch-and-Pray Model

Security teams often react to new threats by throwing more tools into the mix. Over time, this patchwork creates more problems than it solves. Complexity grows, visibility shrinks, and attackers exploit the gaps.

Mark pointed to research showing that many teams are overwhelmed by the tools they already have in place. Others are held back by outdated systems or a lack of staff with the right skills. That creates a situation where attackers need to succeed once, while defenders must stop everything every time.

A Better Way Forward: Resilient by Design

So, what does a stronger strategy look like? Mark recommends starting with architecture. Build systems that expect disruption. Apply continuous risk assessment. Incorporate business continuity from the start rather than as an afterthought. And don't limit Zero Trust to a single use case. Make it your foundation.

For leaders looking to take action, Mark laid out some clear first steps:

Start by reviewing where Trust is currently assumed. Challenge those defaults. Apply the same standards inside your network as you do for external traffic. Think about context every time you evaluate access.

Ensure that your legacy systems are also included in this effort. But remember, you don't need to replace everything overnight.

Resilience is about ensuring your organization remains standing, regardless of what challenges it faces. That means planning, testing your response, and building security into your infrastructure not bolting it on later.

Listen to the full episode to hear why this shift is a leadership decision that defines how your organization faces tomorrow's threats.