The recent RSA Conference was a whirlwind of cybersecurity sessions, with artificial intelligence (AI) dominating the headlines. Yet, amidst the buzz, a critical blind spot emerged: the need for cyber resilience. The imperative for robust incident response and recovery capabilities remains a pressing concern that security leaders cannot afford to overlook.
Many enterprises, including those in critical infrastructure sectors, still lack fundamental resilience measures. This is not just a theoretical concern—it’s a real-world issue. Take, for example, a recent CTG engagement with a water and wastewater utility—an organization responsible for delivering safe drinking water to thousands. Shockingly, they had neither an incident response plan nor a dedicated incident response team. This isn’t just a governance gap; it’s a threat to public safety. And they’re not alone—many critical infrastructure operators remain dangerously underprepared.
This troubling gap reflects a larger truth: cyberattacks are no longer a possibility—they’re a certainty. The question isn't if but when. In this environment, recovery speed becomes a key performance metric. Yet many small and midmarket businesses often lack the resources to respond effectively. These organizations are increasingly targeted by attackers precisely because they're often connected to larger infrastructures, making them attractive entry points for cybercriminals.
Observations from RSAC 2025: The Good, The Gaps, and What’s Next
Beyond the lack of focus on cyber resilience, several other key themes emerged at RSAC 2025—some expected, others surprising:
Identity and Access Management: Encouragingly, there were more conversations around identity and access management (IAM). This is a critical issue, as organizations increasingly seek support to protect identities and manage third-party risks. Questions like “How do we protect identities?” and “How do we deal with third-party risk?” are becoming central to cybersecurity strategies. Strengthening IAM isn't just about access—it’s foundational to containment during a breach. Without strong identity governance, recovery becomes exponentially harder.
AI: While AI dominated the security conversation, there was surprisingly little discussion about its practical applications. While there was growing curiosity around concepts like Agentic AI (autonomous agents that help reduce alert fatigue by triaging events in real time), practical guidance on how to implement, govern, and secure AI applications was scarce. This gap highlights the need for more actionable insights into leveraging AI effectively in cybersecurity. Organizations need more than hype—they need roadmaps.
Zero Trust: John Kindervag, the creator of the Zero Trust model, marked the 15th anniversary of the framework by discussing its evolution. Despite widespread commitment to Zero Trust principles, we see many organizations still failing to deploy the model across their entire environment. Instead, they implement Zero Trust in isolated pockets of their IT or infrastructure. Partial implementation gives a false sense of security. Until Zero Trust is deployed holistically across OT, IT, and cloud, organizations will remain vulnerable.
Midmarket organizations often lack in-house cyber expertise and are prime targets for attacks. A managed Security Operations Center (SOC) model can bridge this gap, providing 24x7 monitoring, rapid response capabilities, and access to specialized talent without the overhead.
CTG Expands SOC Operations
Prior to RSAC, CTG—a Cegeka company—expanded its global SOC network to meet growing demand for cyber resilience, adding a new U.S. facility in Buffalo, New York. This center joins Cegeka’s established SOCs in Belgium and Romania and is built on a proven playbook of global best practices. With a dedicated team of trained analysts, biometric security, and mirrored runbooks, the Buffalo SOC extends CTG’s global capability to deliver resilience-focused, outcome-driven cybersecurity services.
To ensure consistent quality of service, the Buffalo facility implements the same proven technology stack, playbooks, and runbooks used across its European counterparts. The SOC also features a dedicated data center, advanced physical security measures including biometric access controls, and a team of trained security analysts. These analysts recently completed a month-long training program at the organization’s main operating SOC in Belgium, ensuring they are equipped to handle the complexities of global cybersecurity threats.
It's Time to Make Cyber Resilience a Priority
While RSA Conference 2025 proved to be a great opportunity for showcasing the latest in cyber defense capabilities, as cyberthreats continue to evolve, cyber resilience must become a cornerstone of future cybersecurity strategies. Organizations of all sizes, whether large enterprises, mid-market companies, or small businesses, must prioritize building robust incident response and recovery capabilities. Managed services, like those delivered through CTG’s newly expanded Cegeka Modern SOC network, offer a practical solution to close security, expertise and knowledge gaps and strengthen cyber resilience.
Ultimately, cyber resilience is not just a technical challenge; it’s a business imperative. Security leaders must elevate resilience discussions to the boardroom, ensuring that it becomes an integral part of enterprise risk management. The true measure of success will be how quickly and effectively organizations can recover and resume operations. In the face of escalating cyberthreats, resilience is not optional—it’s essential. Organizations that fail to prioritize resilience risk not only operational disruptions but also the trust and confidence of their stakeholders. The time to act is now.