CXOs must shift from reactive cybersecurity postures and become increasingly proactive, especially as their organizations’ dependence on technology continues to rise.

Over the weekend, and into Monday, several major European airports—including Heathrow, Brussels, Berlin Brandenburg, Dublin, and Cork—were severely disrupted by a ransomware attack that targeted their collaboration and workflow platform, MUSE (Multi-User System Environment) provided by Collins Aerospace. The attack incapacitated automated check-in and boarding systems, forcing many airlines and ground operations to switch to manual fallback processes.

Earlier this month, on September 2, 2025, Jaguar Land Rover suffered a cyberattack that forced the shutdown of global IT systems and halted vehicle production at UK manufacturing plants and retail operations worldwide. The breach involved data theft, although the exact nature (customer, employee, or other business-sensitive data) is still under investigation. 

Over 100 flights were delayed or canceled at Brussels alone, with similar disruptions at other airports.

These recent incidents — with lasting operational impacts that last weeks — highlight critical risks in interconnected infrastructures and third-party IT dependencies, primarily driven by rapid digital transformation.

These enterprise risks aren’t going away. Grand View Research projects digital transformation investments will soar about 29% annually, from $1.1 trillion this year to $4.6 trillion by 2030. Investments in digital transformation — including AI, cloud, user experience, and supply chain optimization — are driven by intense competition and the need for agility. 

Enterprise technology leaders report that business, process, and technology transformation efforts, once spanning years, are now expected to deliver results within months, even weeks — reflecting both higher stakeholder expectations and the disruptive influence of innovations.

Ed Lewis, managing partner at cybersecurity firm Optiv, emphasizes that CIOs and CISOs must understand how to ensure their security processes, training, and technological controls evolve at the same pace as they adopt new technologies, thereby managing emerging risks effectively. 

Security in the Age of Relentless Change

That sounds straightforward, but it’s far from it. Rapid transformations and the adoption of enterprise business-technology systems often result in gaps in regulatory compliance and security teams stretched beyond capacity. 

Amanda Berlin, a senior manager at threat detection and incident response services provider Blumira, warns that new technologies may seem easy to implement and promise to solve problems, but they also almost always introduce new challenges and require even more security vigilance and expertise. “Despite the speeds and risks, enterprises often overlook security in technology planning and design discussions, when the most significant impact can be made, which increases risk as organizations accelerate their digital transformation,” Berlin says.

Security experts advise CIOs to shift from a reactive approach to cybersecurity risks to a proactive one, especially as their organization’s dependence on technology continues to increase. Ensuring the organization manages cybersecurity risk and digital transformation effectively is one of the defining challenges today. 

Ben Nelson, CISO at FICO, notes that the foundations of cybersecurity—asset identification, understanding threat landscapes, insider risk—do not fundamentally change with accelerating transformation. “It’s that the scope and the complexity of threats have changed,” he said.

Here’s how enterprises can keep that scope and complexity aligned with risk:

Shifting from Silos to Strategic Partnership

Both Nelson and Berlin emphasized the importance of embedding cybersecurity within business decision-making from the inception of ideas, rather than retrofitted after innovation is underway. This cultural shift hinges on building relationships beyond IT and throughout the organization, including COOs, CMOs, CFOs, and others, and on becoming a master at translating technical risks into tangible business impacts for these executives.

Nelson points out that security teams, by virtue of their cross-domain responsibility, often have the most complete picture of business processes and risks. He urges security professionals to educate their peers and share this perspective assertively and constructively throughout the C-suite. By being approachable and involved, Nelson contends, security gains an invaluable seat at the table—moving from “obstacle” to “enabler” in the eyes of business leaders.

“You need a really robust operating model, but you also have to get these partnerships right to make sure they not only understand the risks, but that they also understand what’s being done [with technology] and how it’s being used,” says Lewis.

Automation, AI, and the New Risk Equation

Fortunately, digital transformation not only brings new levels of technology risks, but also potentially improved ways of managing enterprise risk. For instance, Nelson describes how generative AI is now used to fast-track threat modeling for new applications, accelerating project velocity while keeping security in the loop. Machine learning powers detection and threat hunting. The vision of automatic, in-the-moment, remediation—long a dream of security operations—is within reach in many situations, as attacks become faster. Yet Nelson and Berlin are wary about overreliance on AI and automation, and they urge teams to treat AI as an enhancer, not a replacement for human judgment.

As with past innovations, the “magic dust” of AI can create a false sense of safety if management concludes that the technology itself is a panacea, Berlin says. “Automation should reduce human error but never become a crutch that undermines vigilance, creativity, and adaptability,” she says.

Embedding Continuous Assessment and Regulatory Compliance

With the accelerating digital transformation, periodic security and compliance reviews are obsolete. Nelson emphasizes the need for “continuous assessment—continuous monitoring of privacy, regulatory, and security controls,” with automation used wherever feasible. Third-party and supply-chain risk must be continuously monitored, not just during vendor onboarding. Similarly, asset management can no longer be neglected, as even overlooked legacy devices—like unpatched Windows XP machines in manufacturing—can serve as vectors for persistent threats.

Effective governance is crucial to enhancing security during periods of rapid digital transformation, Nelson emphasized. By establishing robust frameworks and clear policies for acceptable use, organizations can ensure that new technologies, such as AI, are adopted responsibly and securely. Governance provides the structure for cross-functional collaboration between security, IT, and business leaders, enabling them to understand and manage emerging risks. It also emphasizes the importance of employee education and enablement, ensuring that staff are aware of both the opportunities and dangers associated with new tools. 

Technological controls and monitoring further reinforce these policies, providing visibility into how digital assets are used and helping to prevent unauthorized or risky behavior. Together, these governance measures create a foundation that allows organizations to innovate and transform at speed, without sacrificing security or exposing themselves to unnecessary risk.

GRC Keeps Cybersecurity Efforts Aligned with Business Objectives

Maintaining cybersecurity within Governance, Risk, and Compliance (GRC) programs helps keep security from being a reactive cost center, as security measures are woven into the digital strategy from the outset, rather than being retrofitted. And GRC frameworks provide real-time visibility into organizational risks, facilitate data-driven decision-making, and create a culture where risk awareness coexists with innovation.

By establishing clear governance structures, continuous risk monitoring, and automated compliance processes, GRC enables organizations to strike a balance between the drive for innovation and the necessity of risk management. This harmony between governance and digital initiatives helps businesses navigate the digital landscape while ensuring their operations remain secure, compliant, and prepared to adapt to change. The result is enhanced organizational resilience that allows companies to not only protect their current operations but also lay a strong foundation for future growth and innovation in an increasingly interconnected digital environment.

“I think governance, partnership, enablement, and then the technology go a long way to helping to secure the enterprise,” says Lewis.

Nelson agrees that successful cyber risk management during rapid digital transformation is about tools and technology, but it’s also about relationships, trust, creativity, and aligning security with core business goals. Despite a vastly transformed threat landscape, the organizations that thrive are those that embed security deeply into their culture, making it a shared mission. “It’s those organizations that can adapt their people and processes as energetically as their technology that will best manage cybersecurity risk through the waves of digital transformation,” Berlin says.