“We are now operating in a space between peace and war... Our world is being actively remade, with profound implications for national and international security.”

Blaise Metreweli, Chief of MI6

This session will examine how the geopolitics of cyberspace is reshaping corporate risk. It situates contemporary cyber contests in historical perspective, mapping the evolution of cyber risk across distinct stages – from the criminal nuisance of the 1980s to today’s highimpact interstate operations with economic and political effects. It reviews the concept of “unpeace”: a persistent condition of strategic contest below the threshold of war in which economic disruption and political subversion become common tools of statecraft. It will discuss the growing instability in cyberspace arising from the converging forces of geopolitical fragmentation and technological uncertainty associated with AI and other technological trends. Participants will leave with a sharper lens on where cyber risk intersects with great-power rivalry and what this means for enterprise resilience strategy.

“A cyberattack can hit all departments globally within minutes, even seconds. Not many other crises have that same immediate impact.”

Jo De Vliegher, Client Partner at ISTARI and former CIO at Norsk Hydro

“It’s not if, but when.” In today’s interconnected world, cyberattacks can cripple global operations within minutes, leaving organisations facing operational paralysis, financial loss, reputational fallout, and strategic risk. In this session, Jo De Vliegher—Client Partner at ISTARI and former CIO of Norsk Hydro—shares firsthand lessons from one of the most significant ransomware attacks in industrial history. When Norsk Hydro’s 22,000 computers across 170 sites were disabled almost instantly, Jo and his teams were forced to navigate a high-stakes recovery under extreme pressure. Through direct testimony and practical insights, participants will explore what it takes to lead through a cyber crisis, protect critical operations, and prepare their organisations for the realities of large-scale digital disruption.

“The resilient resists shocks and stays the same; the antifragile gets better.”

Nassim Nicholas Taleb, Author, Antifragile

Even well-prepared organisations and governments struggle to imagine — let alone prepare for — large-scale, systemic events. This session asks a pressing question: How can leaders navigate unpredictable crises? Through interactive discussion, peer exchange, and scenario-based group work, participants will explore what securing organisational resilience means, how to test it, and how to strengthen it for the future. We will examine contagion effects to identify the cascading impacts of systemic crises, apply a taxonomy of business risks to reveal organisational blind spots, and use comparative scenario analysis to assess resilience and pinpoint vulnerabilities across ecosystems. Participants will leave with practical tools to embed foresight into their risk management practices, build adaptive capacity, and position their organisations to withstand — and even thrive in — the unexpected.

“Then, in 72 words, I laid out the strategy, which was essentially to be the conduit of capital between those who have it and those who need it. That’s our job. Then we took a poll, and the result was that 98 percent understood and agreed with the strategy. Clarity of message is key.”

James Gorman, CEO Of Morgan Stanley, 2019

Can you summarise your company’s cyber resilience strategy in 35 words or less? If so, would your colleagues put it the same way? Very few executives can answer these simple questions in the affirmative. The companies that those executives work for are often the most successful in their industry. This session is dedicated to the art of understanding and crafting a cyber resilience strategy, then communicating it effectively.

“We will bankrupt ourselves in the vain search for absolute security.”

Dwight D. Eisenhower, 34th President of The United States, 1961

Security budgets are rising, yet most organisations struggle to demonstrate whether investments reduce the biggest risks or just check compliance boxes. Many operate fragmented security governance where reporting, governance, and operational security work in silos. Most decisions are driven without full understanding, reacting to incidents rather than proactively preparing for the future threat. Data-driven governance measures threat exposure, control effectiveness, and incident patterns to make defensible decisions about where to invest and what risks to accept. This session examines how to build measurement frameworks that inform strategy, communicate risk at the boards in business terms, and optimise spending based on actual cyber postures. Participants will gain practical approaches to quantifying cyber risk and using real time data to drive security decisions.

“Uber, the world’s largest taxi company, owns no vehicles.Facebook, the world’s most popular media owner, creates no content. Alibaba, the most valuable retailer, has no inventory. And Airbnb, the world’s largest accommodation provider, owns no real estate. Something interesting is happening.”

Tom Goodwin, Tech Crunch

This module is a specially designed Cambridge Judge Business School case study. Focusing on Uber and Jaguar Land Rover (JLR), the session explores the how cyber crises play out across an entire organisation, from the security operations and supply chain to the C‑suite and boardroom. Both cases reveal how organisational culture, stakeholder management, governance and leadership shape the handling of cyber crises, from data breach disclosure issues and the prosecution of Uber’s former CSO, Joe Sullivan, to JLR’s business continuity and stakeholder impact. The session critically analyses how different types of incidents demand different crisis leadership approaches, while still relying on common foundations: clear governance, stakeholder management, well-rehearsed incident response, effective internal and external communications, and a culture that supports transparency and learning.

“Ultimately, being a CISO in times of crisis requires a mix of strong decision-making, clear communication, and a focus on both the technical and human elements of leadership. It’s about guiding the team through challenging situations while ensuring they feel supported and confident in your direction.”

Tim Brown, CIO, Solar Winds

Today’s CISOs must lead at the edge of predictability— where volatility, ambiguity, and complexity converge. This session equips participants with advanced frameworks from systems thinking, culture theory, and leadership research to navigate the unknown with clarity and confidence. Through interactive exercises and peer dialogue, participants will explore how uncertainty shapes organisational behaviour, and how to respond with resilience and purpose. Drawing on the concept of liminal leadership, we will examine how to maintain agency when traditional playbooks no longer apply. Participants will leave with practical tools for sensemaking, shared leadership, and building collective direction during times of flux—embracing the CISO’s evolving role as an adaptive leader in a world of continual transformation.

“Every transaction is recorded on the blockchain forever. That makes it both the best and the worst place to commit a crime.”

Michael Gronager, CEO, Chainalysis

This session is an interactive deep-dive into one of the largest crypto heists in history. Learn how attackers stole over $1.5 billion from Bybit through a highly sophisticated supply-chain attack, and how Sygnia’s investigation exposed the tactics of the notorious Lazarus Group. Beyond the forensic story, this session will uncover vital lessons on navigating and communicating during a cyber crisis, offering practical insights you can apply in your own organisation. You will gain real-world knowledge to transform your cybersecurity readiness.

“AI is neither good nor evil. It’s a tool. Just like fire. Fire kept us warm, cooked our food, and burned down our houses.”

Oren Etzioni, CEO, Allen Institute for AI

This session will examine what the recent evolution of AI can teach leaders about resilience under accelerating technological change. It traces the evolution of machine intelligence from Alan Turing’s 1950 conception through rules-based systems in the 1960s to today’s neuralnetwork foundation models, with a focus on the strategic implications of agentic AI as systems shift from tools to autonomous actors. It will then structures the risk landscape around three pathways: offensive acceleration, model manipulation and compromise, and supply-chain targeting. The session also reviews the origins of quantum computing and the probabilistic timeline for universal quantum processors, translating those projections into concrete preparedness measures and decision thresholds. The central aim is preparedness: understanding why LLMs caught many organisations off guard and applying that lesson to build quantum readiness early enough to avoid strategic surprise in technology management.

“It is easy to dismiss all communications as ‘spin’. But, in a crisis, communication really matters. It must be embedded in strategy.”

Alastair Campbell, Director of Communications and Strategy for Prime Minister Tony Blair

Get to the heart of a fast-moving cyber crisis where technical escalation meets political complexity. In this immersive tabletop exercise, participants will navigate the strategic, legal, regulatory, and ethical challenges triggered by a high-impact cyberattack of uncertain origin. Designed to mirror the realities of modern crises, this simulation tests leadership judgment, decision-making under pressure, and cross-functional coordination. Participants will rehearse how to respond when every move carries operational, reputational, and geopolitical consequences.

“Thinking is easy, acting is difficult, and to put one’s thoughts into action is the most difficult thing in the world.”

Johann Wolfgang von Goethe

The final session culminates all the knowledge and skills gained throughout the programme. It provides a toolkit that can empower cyber executives to put their learning into action within their respective companies. This session serves as a platform for participants to share their strategic thinking, leadership abilities and new-found expertise and how as a cohort they can continue their journey as a community of peers.