The Cyber Resilience Compass 2025
Page 17 of 26 · WEF_The_Cyber_Resilience_Compass_2025.pdf
– CISOs and technical teams evaluate tools
to assess their effectiveness in achieving
the desired outcomes and to ensure the
best fit for the organization’s needs. This
includes understanding case studies of similar
organizations and conducting regular value
assessments.
Most experts acknowledged progress has
been made in raising cyber hygiene, but several
pointed out that basic practices were still not being implemented universally. Others highlighted
the challenge of technical debt – systems and
architectures that are no longer supported or lack
mitigations to prevent incidents from propagating.
Just as risk-owners may not fully understand the
technology behind their critical business services,
technical teams sometimes fail to grasp the
business priorities of the front-line operations they
are intended to support. Investments in technical
controls are not always aligned with the most
relevant risks to the business.
We are thinking about potential disruptions when designing our
systems. We take the premise that everything that can go wrong
will go wrong, so we prepare our systems to withstand multiple
points of failure and avoid single points of failure.
Deryck Mitchelson, Global Chief Information Security Officer,
Check Point Software
I try to analyse the major attacks that occur both in the financial
as well as other industries to understand the attack tactics and
exploits, and if my controls would have failed in that situation to
learn from it.
Jeff Farinich, Senior Vice-President, Technology Services;
Chief Information Security Officer, New American Funding
CASE STUDY 9
Splunk – Beyond “tooling”: A focus on quality and ecosystem collaboration
Building a security operations centre (SOC) is a complex
endeavour that requires the balancing of speed, efficiency
and quality in threat detection and response. Building a
SOC comes with challenges such as ensuring an outcome-driven
approach rather than a tool-centric one, maintaining
scalability and standardization across operations, managing
resource limitations and integrating emerging technologies
while ensuring interoperability and effectiveness.
Splunk’s approach to SOC operations addresses these
challenges by focusing on quality and operational outcomes
rather than simply resolving tickets quickly or deploying the
latest security tools. This encompasses:
– Data-driven decision-making: Splunk ensures
technology investments align with security outcomes,
enhancing detection, response and resilience.
– Automation for efficiency: Automated processes reduce
human error, ensure consistent responses and allow
analysts to focus on higher-level tasks.
– Improved detection and response: Splunk achieves
detection times of less than seven minutes for critical
threats while enhancing collaboration and expanding
services without adding resources.
– Partnership-driven innovation: Collaborating with
vendors, including non-Splunk solutions, ensures tools
meet operational needs and contribute to a stronger
security ecosystem.
Building an effective SOC requires more than just
assembling security tools – it demands a strategic approach
focused on outcomes, automation and continuous
improvement. Splunk’s operations centre exemplifies this
by ensuring high-quality, scalable security operations while
promoting innovation through partnerships, ultimately
strengthening overall resilience by enhancing adaptability
and operational consistency.
The Cyber Resilience Compass: Journeys Towards Resilience