Cyber risk is now a leadership risk — not a technical one
If you’re leading a business or sitting on a board, the last 12 months has given you plenty of reasons to revisit your risk assumptions.
Geopolitical instability. Fragile supply chains. And a sharp rise in cyber incidents that don’t just compromise data — they stop organisations operating.
You can’t control the chaos.
But you can prepare for it.
Recent attacks on organisations such as Jaguar Land Rover, Marks & Spencer and the Co-op demonstrate a hard truth: even well-resourced, well-defended organisations can be brought to a halt. In JLR’s case, production stopped across multiple sites, affecting thousands of suppliers and contributing to an estimated £1.9bn impact on the UK economy.
The lesson for boards and executive teams is not purely technical.
As Richard Horne, CEO of the National Cyber Security Centre, has said:
“For too long, cyber security has been regarded as an issue predominantly for technical staff. This must change. All business leaders need to take responsibility for their organisation’s cyber resilience…. It is time to act.”
Regulation is coming. The UK’s proposed Cyber Security and Resilience Bill is expected to raise expectations of boards and may extend directors’ fiduciary duties to cyber risk. But compliance alone won’t protect your organisation when systems fail and decisions need to be made fast.
What matters then is leadership capability under pressure.
We’ve developed a new service focused on building crisis capability in senior leadership teams through realistic, scenario-based cyber exercises.
Over the next week, we’ll publish three short articles exploring:
- how the cyber threat has evolved and why leadership teams are increasingly exposed
- what actually happens inside organisations during a cyber crisis
- how to build the capabilities needed to respond effectively – adaptive, flexible, resilient, innovative leadership
These pieces are written for chief executives, chief operating officers, board members and senior leaders responsible for risk, communications, security and technology.
They’re not technical deep dives. They’re about decision-making, authority, communication and leadership when the pressure is highest.
If cyber risk sits anywhere on your agenda — and it should — we hope you’ll find them useful. And if they raise questions about your own readiness, we’d welcome a conversation.
Crisis Capable 
Leave a comment