Despite broad consensus on the importance of collective cyber resilience, Federal agencies and private sector organizations continue to face execution challenges, according to new research released today by MeriTalk and RSA Conference (RSAC).
The “2025 Collective Cyber Resilience Index” reveals that while 85 percent of cybersecurity leaders consider cross-organizational collaboration essential to their defense strategies, only 35 percent believe their current efforts are highly effective.
The research – based on a survey of 100 Federal and 100 private sector cybersecurity decision-makers – found that 79 percent of respondents have increased engagement with external partners over the past three years. Yet structured collaboration remains limited. Just over half (53 percent) participate in government-led information-sharing programs, while only 31 percent engage in joint threat-hunting initiatives.
“Cyber resilience today hinges on collective action,” said Nicole Burdette, principal at MeriTalk. “But intent without infrastructure won’t cut it. As threats accelerate, organizations need real-time intel exchanges, standardized protocols, and deep trust across sectors to deliver impact.”
The index scores overall collective cyber resilience at 6.7 out of 10. AI and automation scored the lowest (6.1), followed by supply chain security (6.2). Although 99 percent of organizations have automated some aspect of vulnerability management, only one in three feel well prepared to respond to AI-enabled cyberattacks.
Additionally, 75 percent say overreliance on key technology providers poses a growing concern, and 72 percent cite inconsistent security practices across partners as a greater threat than cyber adversaries themselves.
High-performing organizations – those that rate their resilience efforts as “excellent” – stand apart. They are five times more likely to share threat intelligence daily, and nearly twice as likely to have formal incident response coordination with all key partners. These organizations also lead in zero trust adoption, AI and automation deployment, and third-party risk visibility.
“Collaboration is easy to endorse, but hard to operationalize,” said Britta Glade, senior vice president of content and communities at RSAC. “This study highlights where progress is happening and what still needs to be built – from cross-cloud security standards to legal guardrails for sharing intel in real time.”
The report offers actionable recommendations to accelerate collective resilience, including real-time threat intelligence sharing, enhanced supply chain monitoring, cross-sector incident simulations, and standardized AI and cloud security protocols.
For more insights, view the full report here.