Multi-vendor multisig. Any vendor may have a vulnerability. It’s unlikely that two vendors will be exploited at the same time, by the same people.
Get two hardware wallets from different vendors. Use them in a 2-of-2. If you can’t afford two dedicated devices, make a 2-of-2 where one signer is hardware and the other is software with a passphrase. This is still way better than single-vendor single-sig.
If you can swing three devices from three vendors, upgrade to 2-of-3.
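The setups above can be compared on two axes: how many distinct vendors must be exploitable before an attacker holds enough keys to sign, and how many signers can be lost while the rest can still sign. The sketch below is an added example, not part of the original text; the vendor names are placeholders, and the model counts only vendor-level flaws (it ignores passphrase strength, physical theft and seed backups).

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str
    vendor: str  # whose firmware or software holds this key
    kind: str    # "hardware" or "software"

def vendors_to_breach(signers, threshold):
    """Fewest distinct vendors that must all be exploitable before an
    attacker controls `threshold` keys (worst case for the owner)."""
    if not 1 <= threshold <= len(signers):
        raise ValueError("threshold must be between 1 and len(signers)")
    held = 0
    per_vendor = Counter(s.vendor for s in signers).most_common()
    for breached, (_vendor, keys) in enumerate(per_vendor, start=1):
        held += keys  # the vendor holding the most keys falls first
        if held >= threshold:
            return breached

def losses_tolerated(signers, threshold):
    """Signers that can be lost or broken while the rest can still sign."""
    return len(signers) - threshold

def hw(name, vendor):
    return Signer(name, vendor, "hardware")

# Constructed setups; vendor names are placeholders.
SETUPS = {
    "single-vendor single-sig": (1, [hw("k1", "VendorA")]),
    "2-of-2, two hardware vendors": (2, [hw("k1", "VendorA"), hw("k2", "VendorB")]),
    "2-of-2, hardware + software": (
        2, [hw("k1", "VendorA"), Signer("k2", "VendorC", "software")]),
    "2-of-3, three vendors": (
        2, [hw("k1", "VendorA"), hw("k2", "VendorB"), hw("k3", "VendorD")]),
    "2-of-3, one vendor": (
        2, [hw("k1", "VendorA"), hw("k2", "VendorA"), hw("k3", "VendorA")]),
}

def report():
    """Map setup name -> (vendors_to_breach, losses_tolerated)."""
    return {n: (vendors_to_breach(s, m), losses_tolerated(s, m))
            for n, (m, s) in SETUPS.items()}

if __name__ == "__main__":
    for name, (vendors, losses) in report().items():
        print(f"{name:30} vendors to breach: {vendors}  losses tolerated: {losses}")
```

Both 2-of-2 setups raise the bar to two vendors but tolerate no lost signer, while 2-of-3 across three vendors keeps the two-vendor bar and survives one loss. Three devices from one vendor fall back to a single-vendor bar.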