Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreie5unrjwcga77gpnryc2h2s36ucbhopon5wjn4ymcv2sytwkqqwom",
    "uri": "at://did:plc:qz6ohvpdsdvv5kniizyfz25y/app.bsky.feed.post/3mkmowbd2rhx2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreicfyk5jqklcifbhoh36ydjs2hio6eapfl4hqdynd7qhoke7iwcbvy"
    },
    "mimeType": "image/jpeg",
    "size": 18707294
  },
  "path": "/article/4163075/the-boardroom-divide-why-cyber-resilience-is-a-cultural-asset.html",
  "publishedAt": "2026-04-28T13:31:33.000Z",
  "site": "https://www.cio.com",
  "tags": [
    "IT Leadership, Security",
    "here."
  ],
  "textContent": "A striking gap is emerging in the way that enterprises view and mitigate their cyber risks. Research by FT Longitude for Uvance Wayfinders, Consulting by Fujitsu, suggests that while 64% of business and IT leaders believe their organization could withstand and recover from a major cyber incident without significant commercial damage, 19% disagree.1\n\nYet when you look at what separates these cyber-resilience leaders from the laggards, the difference is primarily cultural and strategic. Leaders prioritize long-term business resilience over short-term risk reduction. They’re more likely to focus on employee training and awareness and run attack simulations to test them. They monitor and govern shadow AI usage and apply appropriate security controls.\n\nCrucially, this divide extends to the C-Suite, with 62% of leaders believing cyber risk is clearly understood and overseen at the board level. Only 11% of laggards say the same.2\n\nHere the leaders have adopted a posture all enterprises should consider — that cyber resilience is a leadership, cultural and business risk issue, rather than an IT concern. If technical issues create vulnerabilities, it’s human behaviour, process gaps and operational decisions that unintentionally increase exposure.\n\nAs Laura O’Neill, Head of Advisory and Assurance at Fujitsu, explains, “treating cybersecurity as a siloed IT function reinforces the misconception that vulnerabilities are something ‘IT will fix’ rather than a shared responsibility.” “In reality,” she says, “risk exposure and resilience depend heavily on people, their awareness, incentives, decision-making and how security is prioritised in day-to-day work.”\n\nWhen security is framed as a core part of business strategy, it’s less likely to be sidelined from business conversations and more likely to be integrated into new initiatives.\n\n### **Rethinking for resilience**\n\nO’Neill suggests that struggling organizations begin with security fundamentals rather than advanced tooling. “From a governance perspective” she explains, “this means clearly assigning accountability for cyber risk at the executive level and embedding it into existing risk and decision-making forums.” Similarly, she recommends shifting away from one-off awareness training sessions to an ongoing program of role-specific education, reflecting the real-world scenarios and risks faced by different teams.\n\nThis strategic, culture-led approach is growing more important as enterprises embrace AI, while threat actors harness agentic capabilities. Traditional, perimeter-based approaches face new challenges from AI-driven threats that can adjust their behaviour autonomously. Here, security models that prioritise detection, response, redundancy and resilience will be more effective than preventive controls.\n\nO’Neill points out that, while machine-learning driven security controls and agentic AI can empower new counter measures and enhance resilience, they “are not a substitute for good governance or oversight.” Indeed, she argues, “their effectiveness depends on clear controls, human accountability and alignment with business risk appetite.”\n\nCyber-resilience leaders have learnt to factor security into innovation from the outset, rather than retrofit later. Of the resilience leaders surveyed, 72% agreed that they adopted emerging technologies cautiously, once the risks were established and guardrails were in place. Laggards appear more reckless; 58% said they prioritized early adoption of emerging technologies, even if the cyber risks weren’t fully understood.3\n\nOrganizations who have yet to adopt cyber resilience within their wider culture could be making a dangerous mistake as AI-enhanced threats scale outwards and preventive measures struggle to keep pace. This divide is defined by attitudes right now but may predict which businesses will eventually thrive or falter.\n\nGet practical guidance on building board-level cyber resilience, governing AI-driven risk and embedding security into enterprise decision-making — read the latest Uvance Wayfinders insight here.\n\n\n\n* * *\n\n1 Uvance Wayfinders AI & Cyber Reslience Report, (due to be published in June 2026)\n\n2 ibid\n\n3 ibid",
  "title": "The boardroom divide: Why cyber resilience is a cultural asset"
}