Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


The Official Baldrige Blog

Cyber Expert to Highlight Risks, Opportunities, and How to Build Resilience in the Age of AI

Build Resilience in the Age of AI showing a man standing with a graduation cap and suite on with cyber icons around him.
Credit: First Health Advisory
image of Vikrant Arora, executive chief information security officer for First Health Advisory
Vikrant Arora, Executive Chief Information Security Officer, First Health Advisory
Credit: First Health Advisory

Vikrant Arora, an industry-recognized thought leader committed to transforming cybersecurity practice, education, and leadership, will be a plenary speaker on Monday, April 8, at the 35th Quest for Excellence Conference®. Arora serves as executive chief information security officer for First Health Advisory, a digital health risk assurance organization that aims to help organizations protect their vital interests and accelerate efficiency from the board room to the operating room. Vikrant’s goals are to champion cybersecurity firsts for global industry leaders, building high-performing teams, driving unprecedented risk awareness, and expertly responding to security incidents and threats to business continuity.

I recently asked Arora a few questions in anticipation of his upcoming presentation. Following are his responses.

Briefly highlight what you’ll cover in terms of organizational resilience.

Ensuring resilience in the age of artificial intelligence (AI) brings increasing threats and opportunities. With AI comes unique threats that are different from previous technologies; for example, AI is self-learning and constantly evolving. Reliance on technology vendors brings extremely high third-party risk—even if your organization is not directly using AI, chances are that one of your technology partners is introducing AI into its business processes and into your ecosystem.

What do you see as the greatest cybersecurity challenges to today’s organizations? 

In general, the biggest challenges can be divided into three buckets:

  1. Systems for governance and talent are not able to keep pace with digital innovation, such as AI.
  2. The emerging threat landscape, including sophisticated cyber threats, is leading to outages. 
  3. The evolving regulatory landscape is leading to unique compliance requirements across industries and especially in health care.

In addition, the presence of legacy operating systems and technology, and a very complex system of third- and fourth-party business associates continue to make it difficult for health care and other organizations to manage cyber risks. 

In light of the Baldrige Award’s added focus on organizational resilience, would you share an example that you have seen that had a significant impact in supporting organizations’ success?

I recommend using the NIST Cybersecurity Framework (CSF) as a north star for implementing cybersecurity in any organization. The framework includes the best practices that an organization must have in place to reduce the impact of cyberattacks, and is split into best practices for before, during, and after an attack. The CSF requires an incident response playbook, with routine table-top exercises to form muscle memory and a strong focus on business continuity and disaster recovery. 

Technology can be down for a malicious reason or an inadvertent failure, but we need to deliver core services in a trustworthy manner to ensure an organization’s resilience.

How would you recommend that senior leaders be prepared to address challenges and be more risk aware? 

Given the evolving landscape,

  1. Approach cybersecurity as a business requirement. In health care, cybersecurity should be patient safety. 
  2. Focus on talent and education, not just on technology and vendors. 
  3. Ensure effective and practical governance so that all technologies are introduced with a business mindset of solving problems and include a process-centric approach rooted in measurement, accountability, and education. Effective governance is not a new concept, but the uniqueness of AI highlights existing cracks and can make an organization more vulnerable.

Join us at the Quest for Excellence® 2024!

The Quest for Excellence Conference April 7-10, 2024 - Register Today!

The Quest for Excellence® Conference

Sunday, April 7–Wednesday, April 10, 2024  |  #BaldrigeQuest

The conference will feature new and exciting opportunities to learn role-model best practices from nationally recognized thought leaders, Baldrige Award recipients, and representatives from other high-performing organizations. Conference highlights include sessions focusing on organizational resilience and future emerging challenges and take-home solutions to help your organization achieve breakthrough performance in areas such as leadership; strategy; customers; measurement, analysis, and knowledge management; workforce; and operations.

Register Today! 

About the author

Dawn Bailey

Dawn Bailey is a writer/editor for the Baldrige Program and involved in all aspects of communications, from leading the Baldrige Executive Fellows program to managing the direction of case studies, social media efforts, and assessment teams. She has more than 25 years of experience, 18 years at the Baldrige Program. Her background is in English and journalism, with degrees from the University of Connecticut and an advanced degree from George Mason University.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.