From cybersecurity to cyber resilience: towards a new CEO playbook

Wed, 7th June 2023

View all events

About the event

Panel discussion on the CEO’s role in managing cybersecurity risk with the authors of the 'CEO Report on Cyber Resilience'.

When interviewing CEOs for the recent research study the CEO Report on Cyber Resilience, co-author Rashmy Chatterjee says, it was notable how many of them tried volunteering their Chief Information Security Officer (CISO) instead. ‘When you first tell the CEO that you want to have an hour-long discussion with them about cyber security [the response is one of] discomfort: it's “I have a great CISO”. But we really want to talk to you. “But can I have my CISO in the room?”’

This Future of Business event was held on the same day that the hacking gang Clop revealed themselves to have been behind a massive cyberattack on large organisations including the BBC, British Airways, and Boots. Cybersecurity is a major concern and a top priority for CEOs, but many of them remain woefully under-prepared. Indeed, one of the first findings of the report revealed during the event is that 72 percent of CEOs feel uncomfortable making decisions in the area of cyber security.

An expert panel discuss the Report and offer insights and advice to CEOs and boards about anticipating, withstanding, responding, and adapting to this ever-growing threat.

Speakers:

Bob Dudley, former CEO of BP and chairman of the board of directors at Axio
Rashmy Chatterjee, CEO of ISTARI and supervisory board member at Allianz SE
Robert Hannigan, Former Director, GCHQ and chairman, BlueVoyant International
Eleanor Murray, Associate Dean for Executive Education, Saïd Business School
Michael Smets, Professor of Management, Saïd Business School
Manuel Hepfer, Research Affiliate, Saïd Business School

Themes include:

Cyber Resilience is what counts – not just cybersecurity. This is a particularly important mindset for CEOs: theirs is not a technical, IT-based job, but one of creating the systems and culture to be able to recover and even come back stronger after an attack.
Understanding risk is more than a tick-box exercise. Current risk frameworks such as a traffic-light system do not help CEOs really understand the complex and ever-changing cyber-risk landscape.
CEOs should look to the future. Agile methodologies encourage reviews and retrospectives, but resilient organisations are adaptable though being future focused and alert to the weak signals that show where potential future challenges may emerge.