The role of the Security Function is changing. Defending against cyber threats is still essential, yet no longer enough. Security teams must also support resilience, ensuring the business can withstand disruption and recover quickly when incidents occur. In that context, AI becomes a valuable enabler – but only when it is applied with clear intent and built on a solid foundation.
Not long ago, the primary role of the Security Function was to protect the organization from cyber threats. Today, it’s increasingly clear that this purpose statement for a future-proof Security Function is too narrow. Yes, security teams must still defend against intrusion, but they must also ensure business continuity.
This broader mandate calls for reflection. If we have spent years developing security capabilities tailored to yesterday’s challenges, how can companies transition to a new reality where security and business goals are more closely aligned?
We would like to share some thoughts on that along with practical suggestions for adapting to the new normal.
The case for making resilience a benchmark for the Security Function rests on three converging pressures:
1. Evolving geopolitics and threat landscape
The threat landscape is evolving rapidly. Hybrid and highly adaptive attack vectors – including supply chain attacks – make it increasingly difficult for organizations to stay ahead of malicious actors. One day they exploit one entry point, the next another. As a result, security teams must plan for the likelihood of breaches. The focus is no longer just on preventing downtime, but on limiting its impact and restoring critical operations quickly.
2. Increased regulatory requirements
Legislation is raising the bar. At both EU and national levels, stricter regulatory requirements are putting pressure on security teams to implement new processes, tools, controls, and documentation that align with a resilience-focused approach. These requirements are especially acute for organizations that support critical infrastructure where continuity of service is a societal expectation – particularly in the areas of cyber risk management, resilience, supply chain management, and incident crisis response.
3. Exposure to new cyber risks
Business demands are adding complexity. As leaders pursue digital transformation to drive efficiency and growth, security teams face growing workloads, new cyber risks, and limited specialist resources.
In short, the Security Function is being stretched in multiple directions: by attackers, by regulators, and by the business itself. How do you optimize under those conditions?
Part of the answer lies in automation – and increasingly, in the use of GenAI to support that automation.
Yes, GenAI tends to show up in every conversation about preparing for the future. So, we are not claiming it is revolutionary to suggest that GenAI should play a role in your security setup – in fact, the latest Deloitte GenAI report shows that leaders see the Security Function as their #1 area for GenAI use going forward. What we are saying is that GenAI only adds real value if the foundation is in place. You cannot expect to plug in advanced AI tools and automatically improve your security posture. Without clear guardrails and well-defined processes, GenAI risks reinforcing existing weaknesses rather than fixing them. If you do not identify where and how GenAI should improve workflows, you will end up scaling the inefficiencies of your current security operations.
Before investing in GenAI-driven security tools, we recommend taking a few essential steps. These are the same steps we work through with clients when we map out the strategic needs of their Security Function, and how they can support both business goals and security goals.
Begin by understanding the resilience expectations and strategic goals of your business. Clarify what level of disruption your organization can tolerate and what “good enough” looks like in terms of recovery and uptime. Then evaluate how well your current security operating model supports those goals. Many organizations have inherited structures or processes that no longer match the new regulatory demands and threat landscape.
Next, map your current capabilities (such as resilience, BCP/DR, supply chain security, cyber risk management, incident and crisis preparedness, and recovery) and assess whether they are sufficient to handle new cyber risks and upcoming regulations. Do not assume that just because something exists, it meets the requirements of new regulations, local expectations, the organization's risk appetite, or business goals. Instead, ask whether the capability is available at the right time, with the right quality, and in the right combination when needed.
Once you have a clear picture of where you are and where you need to go, look at how you can redesign your Security Function to improve speed, effectiveness, and cost. This might mean restructuring teams, automating repetitive tasks, or changing who performs activities.
The last part of the optimization journey is to look at technology. Choose AI or automation tools only after you have clarified your needs.
Think of it this way: AI will probably play a key role in future Security Functions, particularly in areas like real-time monitoring, triage, data security, supply chain security, and access & identity verification. But it is only one lens among many on a multi-dimensional journey. The real objective is to build a resilient Security Function that enables the business to absorb disruption, recover quickly, and continue operating under pressure. In essence, a Security Function that is faster, smarter, and more cost-effective.