Cyber risk and leadership: Moving beyond prevention to resilience

In this IIL cyber and aviation fireside chat, the speaker, Loraine Phillips and the chair, Zoe Layden, explore why cyber resilience should be treated as a strategic investment rather than a purely technical defence. The discussion will examine how boards and senior executives can strengthen resilience by clarifying risk appetite, prioritising what truly matters operationally, and ensuring organisations are prepared to respond decisively should disruption occur. In this session, Zoe will contrast aviation vs cyber coverages, policy wording, underwriting information, etc.

Cyber resilience is a strategic leadership responsibility and a fiduciary duty for boards and senior executives. However, resources are often focused on defence, with cyber risk treated as a technical topic (and sometimes a blame issue!) for the IT department. In a rapidly changing environment, resilience is about setting the risk appetite and being ready to deal with events if and when they occur. Cyber incidents are no longer rare events; they are increasingly inevitable. The real test for organisations is not whether systems can be perfectly protected, but how well leadership performs when something does go wrong, either directly or indirectly through third-party disruption.

This session will challenge some common assumptions about cyber risk and highlight practical steps organisations can take to move beyond prevention-focused approaches. Participants will gain insight into how governance, leadership clarity and realistic scenario preparation can significantly reduce the impact of cyber incidents and improve organisational performance during crises.

Learning objectives

• Understand why cyber resilience is fundamentally a leadership and governance issue, not solely an IT responsibility
• Recognise the difference between prevention-focused cyber programmes and true organisational resilience, including the importance of readiness and response capability
• Identify practical steps boards and executives can take to strengthen resilience, including defining critical operations, clarifying decision authority and rehearsing crisis scenarios
• Understand how cyber resilience can be applied to the aviation industry

Speaker(s)