In this episode of Tech Talks Daily, I speak with Martyn Ditchburn, CTO in Residence for EMEA at Zscaler, about the findings from the company's latest Ripple Effect Report and what it reveals about the growing gap between cybersecurity investment and true organizational resilience.
Drawing on insights from more than 1,700 IT leaders across 14 countries, Martyn explains why many organizations are still struggling to adapt to a threat landscape that is evolving faster than their security strategies. While cyber resilience budgets continue to rise, many leaders admit their approach remains too inward-looking, leaving critical vulnerabilities across supply chains, cloud environments, third-party ecosystems, and emerging AI deployments.
We explore why shadow AI is rapidly becoming the new shadow IT challenge, with employees adopting AI-powered tools faster than governance frameworks can keep pace. Martyn discusses how AI is quietly being embedded into countless business applications, creating visibility and security challenges that many organizations have yet to recognize fully.
The conversation also examines the growing importance of supply chain resilience. As businesses become increasingly dependent on external providers, cloud platforms, and interconnected digital services, traditional security perimeters continue to disappear. Martyn shares why third-party risk remains one of the biggest blind spots in modern cybersecurity programs and how organizations can better understand their expanding attack surface.
Agentic AI is another major focus of our discussion. As AI systems move beyond assisting users and begin taking autonomous actions, security teams face entirely new challenges around identity, governance, accountability, and risk management. Martyn explains why many organizations are racing ahead with adoption while still lacking the guardrails needed to manage these emerging technologies safely.
We also discuss lessons from previous technology shifts, including cloud computing and shadow IT, and why history keeps repeating itself when innovation outpaces security planning. Martyn offers practical advice on limiting risk, reducing blast radius through segmentation, and treating AI agents as digital identities that require the same controls and oversight as human users.
As organizations pursue AI-driven growth and competitive advantage, are they building resilience into their foundations or creating new risks they cannot yet see? And in a world where AI is becoming embedded in everything, how can security leaders stay ahead of threats that are evolving faster than ever before?