Security News


Cyber Resilience: From the Floor to the Board

Last month, on the 13th of May, I had the opportunity to take part in a panel discussion at the Security First Cyber Security Conference 2026 in Mauritius.
The event brought together practitioners, technology providers and business leaders around a timely theme: how cyber resilience needs to evolve in the human-AI era.

The wider conference covered several important topics, including AI-driven threats, identity, critical infrastructure, third-party risk, AI in the SOC, quantum resilience and the changing role of people in cybersecurity.

A recurring message was clear: AI is changing both sides of the equation.

It gives defenders new capabilities for detection, automation and analysis, but it also increases the speed, scale and sophistication available to attackers.

My contribution to one of the panels was focused on a more operational question: what really happens when an organisation faces its first serious cyber incident, and how can companies be better prepared before that moment arrives?

From experience, the first major incident is rarely smooth sailing. It quickly becomes a chaotic event, often with a spark of panic and stress.

The pressure is often immediate. Decisions must be made with incomplete information. Teams need to understand what has happened, what is still happening, what systems can be trusted, what services must be prioritised, who needs to be informed, and what the business impact may be.
At the same time, executives need clear, factual and regularly updated information, not technical noise or premature conclusions.
This is where preparation and practice make a significant difference.

Incident response is not something that should be improvised during a crisis. Organisations need clear roles and escalation paths, tested communication channels, practical playbooks, reliable backups, visibility across critical systems, and an agreed understanding of business priorities.
Just as important, and often forgotten: the technical response must be connected to the business response.

One important theme from the event was that cyber resilience is broader than prevention.
Prevention remains essential, but no organisation should build its strategy on the assumption that every attack can be stopped.
A mature approach must also include the ability to anticipate, withstand, recover and adapt. That means understanding critical business processes, knowing recovery objectives, testing assumptions, and learning from incidents and exercises.

AI adds another layer to this discussion. It can help security teams reduce noise, accelerate triage, support investigation and automate low-risk actions. But it does not remove the need for human judgement. AI can help identify anomalies; it cannot decide what level of risk the business is willing to accept. Those decisions still require context, accountability and leadership.

For me, the key takeaway from the panel was simple: the organisations that respond best are not necessarily those with the biggest security budgets. They are the ones that have prepared honestly, tested realistically, and connected cybersecurity with business continuity, crisis management and executive decision-making.

Cyber incidents expose the gap between what an organisation believes is documented and what it can actually execute under pressure. Closing that gap is one of the most practical steps any company can take to improve resilience.

The Security First event was a valuable opportunity to discuss these issues with peers and local leaders, and it was encouraging to see the conversation move beyond technology alone. Cyber resilience is not only about tools. It is about people, decisions, preparation and the ability to keep operating when conditions are no longer normal.
