Senior risk, resilience and security leaders gathered at the National Liberal Club to discuss what organisational resilience looks like in practice, covering decision-making under pressure, governance, recovery planning, supply chain vulnerabilities, AI, culture and crisis preparedness.
In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.
Our second converged security session hosted in partnership with Mitie brought together senior leaders from security, risk and resilience to explore a practical question: what does convergence look like when it works and why does it remain so difficult to achieve? The session was designed to focus on practice rather than theory. Each panellist was asked to share an example of where convergence is
Why supply chains must be treated as risk systems. Explore geopolitical risk, climate disruption and resilience in modern supply chain governance.
At a Corps Security and Toro roundtable, industry leaders examined how organisations build resilience amid geopolitical tension, digital interconnectivity and misinformation and why real preparedness depends on people, communication and tested response plans, not just documented strategies.
In this article, Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk at Toro Solutions, warn that many organisations talk about convergence but stop short of true accountability.
While cyber, physical and people risks are increasingly connected, ownership of those risks often remains fragmented. Different teams manage different parts of the picture, with no single leader responsible for how those threats combine. The result is blurred accountability, slow decision-making and gaps that only become visible during an incident.
Barnett and Wilson argue that collaboration alone is not enough. Without clear authority, board-level visibility and a culture that supports joined-up thinking, risk continues to sit between functions rather than being actively managed. Convergence, they conclude, only works when someone is clearly accountable for the whole picture.
Peter Connolly, CEO of Toro Solutions, featured in SecurityWeek’s Cyber Insights 2026 report on cyberwar and rising nation state threats.
Quoted alongside global industry leaders, Connolly highlighted one of the biggest challenges facing organisations today: attribution. “Businesses may see the activity, but proving who is behind it often requires classified intelligence and corroboration from other sources that private firms simply do not have access to,” he said, underscoring the uncertainty that shapes response and accountability in an era of blurred lines between criminal and state-backed activity.
The piece explores how cyberwarfare is evolving, why attribution remains complex, and what this means for enterprise resilience in 2026.
In this recent press piece, Toro Solutions’ Directors of Cyber Security and Physical Security and Risk discuss why resilience is about people, not paperwork.
They argue that most organisations don’t fall short because they lack plans, but because their teams operate in silos. When cyber, physical and operational functions fail to share context early, warning signs are missed and response slows down. Convergence, they explain, isn’t about restructuring it’s about getting the right people talking before small issues turn into bigger problems.
Because when pressure hits, it’s not the plan that makes the difference, it’s how well your teams work together.
Resilience isn’t built on plans alone. Learn how breaking down silos, improving communication and connecting people strengthens real organisational resilience.
Website DDoS attacks aim to overwhelm systems, networks or applications so legitimate users cannot access them. Calm, structured action in the early stages can significantly reduce operational and reputational impact.
One theme runs through the NCSC’s latest Annual Review: resilience isn’t optional anymore and as Peter Connolly, CEO of Toro Solutions, points out, many organisations still haven’t built the foundations they need.
Connolly stresses that frameworks like ISO 27001 aren’t about box ticking. They give leaders a clear, practical way to weave security into everyday business, not just the IT team. “It’s a framework that forces you to look at people, processes and physical security as well as the tech,” he says. “Once that thinking becomes part of daily operations, you’re in a far stronger position when something goes wrong.”
His message fits closely with the government’s call for FTSE 350 boards to take cyber risk seriously: resilience has to be led from the top, and it has to be consistent.
Read the full piece to see how Connolly believes UK organisations can move beyond firefighting and start building the kind of resilience the current threat landscape demands.
A candid discussion on converged resilience – bringing together leaders to share challenges, insights, and practical steps toward a truly integrated approach to security and risk.
