Cyber Resiliency Board Briefings

“Cyber resiliency is a leadership discipline, not a technical capability.”

Much of the cyber industry narrative still focuses on prevention, detection and tooling. These are all hugely important aspects, but largely irrelevant at the point where the organisation is already compromised. When your organisation can’t deliver products, services or its mission and, identities are untrusted and time pressure is acute, the problem shifts from “How do we stop this?” to “How do we safely continue operating?” That transition is where many organisations falter.

The Cyber Resilience Board Briefings is designed to address that gap. Each briefing will be:

  • Short and focused, easily consumable by the board

  • Grounded in real incident patterns I’ve observed first-hand

  • Framed in business and governance language

  • Oriented around decisions, not tooling

Cyber Resilience Board Briefings are for:

  • Board members and non-executive directors

  • Chief Information Officers, Chief Information Security Officers and Chief Risk Officers

  • Investors and advisors to technology organisations

If your role involves oversight, accountability, or decision-making under uncertainty, this series is for you.

Introducing the Blog Series: Cyber Resilience Board Briefings

Cyber Resilience Board Briefing Series 1: Recovery vs Recovery to a Trusted State

Cyber Resilience Board Briefing Series 2: Identity as the Critical Path

Cyber Resilience Board Briefing Series 3: Why Recovery Capability Is Now a Board-Level Risk

Cyber Resilience Board Briefing Series 4: The Illusion of Clean Backups

Cyber Resiliency Board Briefing 5: Minimum Viable Company: Why Recovery Priorities Must Be Decided Before the Crisis

Cyber Resiliency Board Briefing 6: Cyber Recovery Is About Restoring Trust, Not Restoring Data


James “Jimmy” Blake

I help boards and executive teams understand how organisations survive destructive cyberattacks: how they maintain minimum viable operations, make decisions under uncertainty, recover critical services, and rebuild trust.

True cyber resilience is not achieved by buying more security technology. It is created when governance, assurance, operational processes, organisational culture and technical controls work together. The goal is not simply to prevent attacks, but to enable an organisation to anticipate disruption, withstand it, recover quickly, and emerge stronger.

Today's threat environment demands a different approach. Organisations face an expanding attack surface, increasingly capable adversaries, ransomware-as-a-service, AI-enabled attack techniques, and growing geopolitical instability. Attackers are becoming faster, more scalable and more effective at bypassing traditional defensive controls.

The organisations that suffer the most damaging ransomware and destructive cyber incidents are often not those lacking budget or technical expertise. Many have invested heavily in security tools and skilled personnel. Yet they still experience prolonged outages, significant data loss and lasting damage to reputation because resilience is ultimately an organisational capability, not a technology capability.

Preparing for disruption requires leaders to answer difficult questions before a crisis occurs. What are the minimum services that must continue? How will decisions be made when information is incomplete? Which risks are acceptable, and which are existential? How will customers, regulators and the public judge the organisation's response?

My work helps executive leaders answer those questions and build the governance, operating models and recovery capabilities that allow organisations to continue functioning when prevention alone is no longer enough.



Previous Speaking Engagements and Workshops