Business Continuity

Supply chain resilience is about managing persistent uncertainty – and needs active governance

In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.

Converged Risk in Practice

Our second converged security session, hosted in partnership with Mitie, brought together senior leaders from security, risk and resilience to explore a practical question: what does convergence look like when it works and why does it remain so difficult to achieve? The session was designed to focus on practice rather than theory. Each panellist was asked to share an example of where convergence is

Who actually owns risk in a converged world?

In this article, Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk at Toro Solutions, warn that many organisations talk about convergence but stop short of true accountability.

While cyber, physical and people risks are increasingly connected, ownership of those risks often remains fragmented. Different teams manage different parts of the picture, with no single leader responsible for how those threats combine. The result is blurred accountability, slow decision-making and gaps that only become visible during an incident.

Barnett and Wilson argue that collaboration alone is not enough. Without clear authority, board-level visibility and a culture that supports joined-up thinking, risk continues to sit between functions rather than being actively managed. Convergence, they conclude, only works when someone is clearly accountable for the whole picture.

People not plans

In this recent press piece, Toro Solutions’ Directors of Cyber Security and Physical Security and Risk discuss why resilience is about people, not paperwork.

They argue that most organisations don’t fall short because they lack plans, but because their teams operate in silos. When cyber, physical and operational functions fail to share context early, warning signs are missed and response slows down. Convergence, they explain, isn’t about restructuring; it’s about getting the right people talking before small issues turn into bigger problems.

Because when pressure hits, it’s not the plan that makes the difference, it’s how well your teams work together.

Interviews

How threat actors really operate

Most attacks don’t begin with a breach – they begin with a decision. In this article, Toro Solutions’ Directors of Cyber Security and Physical Security explore how modern threat actors quietly assess risk, observe behaviour, and exploit the spaces between cyber, physical, and human security. By understanding the converged pathways attackers follow long before an incident occurs, organisations can reduce exposure, improve early detection, and make themselves a far harder target.

The NCSC Says “It Is Time to Act”, But How?

One theme runs through the NCSC’s latest Annual Review: resilience isn’t optional anymore, and as Peter Connolly, CEO of Toro Solutions, points out, many organisations still haven’t built the foundations they need.

Connolly stresses that frameworks like ISO 27001 aren’t about box ticking. They give leaders a clear, practical way to weave security into everyday business, not just the IT team. “It’s a framework that forces you to look at people, processes and physical security as well as the tech,” he says. “Once that thinking becomes part of daily operations, you’re in a far stronger position when something goes wrong.”

His message fits closely with the government’s call for FTSE 350 boards to take cyber risk seriously: resilience has to be led from the top, and it has to be consistent.

Read the full piece to see how Connolly believes UK organisations can move beyond firefighting and start building the kind of resilience the current threat landscape demands.

Converged Resilience

A candid discussion on converged resilience – bringing together leaders to share challenges, insights, and practical steps toward a truly integrated approach to security and risk.
