The Cyber Resilience Compass 2025

Experts highlighted the practical challenge of securing the level of top leadership engagement described in the examples above. The primary reasons cited were the limited time leaders have to address cyber risks and the difficulty of translating complex technical issues into terms that relate to business leaders’ main goals and objectives. Scenario planning and executive tabletop exercises were recommended as effective methods to engage leadership and increase awareness of the connection between critical business processes and the supporting capabilities, including both internal technologies and external services. In organizations that had experienced significant cyber incidents, the dynamic was very different – these events often resulted in a dramatic increase in leadership awareness and concern for the issue. In organizations that are best in class, you can ask business leaders, ‘What are the most pressing cybersecurity issues?’ And they will be able to name the top three because they are working on those issues. Natalia Oropeza, Global Chief Cybersecurity Officer; Chief Diversity and Inclusion Officer, Siemens We started with making sure that everybody understands the challenges associated with security broadly. The messages come from the CEO as well, not just from the CIO or IT. This constant feedback and dialogue is important and, if it comes from the C-suite, it makes an impact for the entire organization. Pankaj Paul, Director, Strategy and Innovation, Burjeel Holdings The Cyber Resilience Compass: Journeys Towards Resilience 9