If a black swan event happened tomorrow, would your organisation be ready?

That was the question Corps Security and Toro put to a room of industry leaders, security professionals and risk specialists at a recent roundtable on Building Resilience in a World of Converging Risks. 

Most hands stayed down.  

It was an uncomfortable moment and a revealing one. Not because organisations aren’t investing in security, they are. But there’s a gap between having a plan and having genuine confidence that it would hold up when information is patchy, communication lines are down and decisions can’t wait for clarity. 

The group wasn’t there to debate whether the environment is volatile. That’s taken as read. The more pressing question is what it actually means to operate within it. Geopolitical tension, digital interconnectivity, the speed at which narratives form online – these aren’t background conditions anymore. They shape how incidents emerge, escalate and are perceived, often before anyone in the organisation has a clear picture of what’s happening 

One panellist framed it bluntly: “If you’re still trying to fight the current war like the previous war, you’ll lose.” 

The pace of change is reshaping how incidents unfold 

This is visible in how modern operations are built. Critical systems aren’t accessed from controlled environments anymore. Infrastructure is managed remotely, suppliers sit deep inside operational processes and employees connect from wherever they happen to be, on whatever device they have. Flexibility has delivered real efficiency gains, but it’s also created more routes to disruption and many of them aren’t obvious until something goes wrong. 

The panel also got into how misinformation is muddying the picture. There’s a constant flow of information hitting people and they’re expected to judge what’s accurate while things are still unfolding. As one panellist noted, “Most attacks now start online, and we’ve become a generation of over-sharers.” The challenge isn’t just technical. It’s that people are being asked to filter noise in real time, under pressure, without the full picture. 

And that has real consequences. Early reports are often incomplete, sometimes just wrong. Leaders are making decisions on partial information while the operational teams are still trying to work out what actually happened. Getting the right read on a situation quickly matters just as much as detecting it in the first place. 

When pressure builds, communication and coordination are often the first systems to strain  

Something that came up repeatedly was that technical controls are rarely the weak point. Most organisations have monitoring tools and detection capabilities. The harder problem is how information moves between people once something starts going wrong. 

Those responding to an incident are usually piecing things together without a clear timeline. Information comes in fragments, sometimes contradictory and it takes time to verify. Meanwhile senior leaders need to understand the potential impact quickly so they can make decisions about operations, communications and escalation. 

That gap creates real friction. As one panellist observed, responders see the uncertainty and the work required to establish the truth, while leadership sees the consequences and the pressure to act. Even short delays in escalation can significantly increase disruption. “Five minutes, thirty minutes, an hour – the delay makes a difference,” one speaker said. 

Structure plays a role too. Teams that operate independently day to day tend to stay in their silos when a crisis hits. Plans may exist but unless people have actually rehearsed them they won’t follow them instinctively. One panellist recalled exercises where simply removing access to normal communication tools exposed how quickly coordination fell apart. “If you haven’t practised it, you don’t know what to do.” 

What sits outside your control  

Most organisations know their direct suppliers reasonably well. It’s what sits beyond that first layer where visibility drops off. Modern services depend on chains of providers, infrastructure operators and specialist vendors, some several steps removed but still supporting critical functions. 

That’s where exposure builds quietly. One panellist described a disruption traced back to infrastructure the organisation didn’t directly control. Internally everything was fine, but the dependency sat further down the chain. They’d done nothing wrong operationally and were still affected. 

Due diligence and contracts matter, but they don’t tell you how dependencies actually behave under pressure. You need to know which ones are genuinely critical, how a failure would ripple through and how quickly you could pivot if needed. Without that, weaknesses tend to show up at the worst possible moment, when options are already narrowing and the pressure is on. 

People determine whether response plans work in practice 

The discussion kept coming back to people. Technology can alert and assist but someone still has to recognise the problem, make the call and coordinate the response. 

Staff need to know the escalation pathways and feel confident using them. They also need to be able to question what they’re seeing, which is harder than it sounds when phishing, social engineering and misinformation have become increasingly convincing. One panellist noted that the volume and realism of online content now makes verification harder, not easier. “We’re becoming a generation that believes what it sees,” they said. 

Culture plays a big part in how quickly problems surface. Where escalation invites criticism or blame, people hesitate. They try to handle it themselves. The panel talked about how that hesitation can add hours to an incident that might otherwise have been contained quickly. Organisations that treat early reporting as the right move tend to catch and contain issues faster. 

Communication between operational teams and leadership matters just as much. People on the ground see the detail and the uncertainty. Leadership needs to understand business impact and make decisions fast. Closing that gap takes shared expectations, clear reporting lines and a degree of mutual trust that doesn’t just appear under pressure. 

Plans only prove their value when tested under pressure 

Most organisations have incident response and business continuity plans. Whether they work is a different question. 

The panellists were consistent on this: exercises need to be uncomfortable to be useful. Restrict communication channels, introduce conflicting information, apply time pressure. If a scenario feels controlled and predictable it probably won’t show you much. 

One speaker made the point that the real test isn’t whether the technology functions, it’s how leaders make decisions when information is uncertain and time is short. That’s what realistic exercises expose and it’s often where the gaps are. 

The organisations that tend to cope best follow a pretty simple cycle: write the plan, train the people, test it properly, refine and repeat. It builds familiarity and it surfaces weaknesses while there’s still time to do something about them. 

Investment in people remains the hardest decision to justify 

Technology investment is easier to justify. It produces visible outputs and metrics you can point to. Training, exercising and culture are harder to measure and that makes them easier to deprioritise. 

But the message throughout the discussion was consistent. Preparation depends as much on people as it does on systems. Staff need to understand how their actions affect the wider organisation when things get difficult. They need to communicate clearly, follow escalation processes and make decent decisions when the information in front of them is incomplete. 

Building those capabilities takes ongoing training, realistic rehearsal and leadership that visibly backs it. It also takes a willingness to invest in preparation for things that may never happen but would hurt badly if they did. 

Back to the opening question 

Preparedness isn’t proved by having a document. It’s proved by whether people know what to do when something unexpected happens. That’s harder to measure than a new piece of software and harder to justify in a budget conversation but it’s what determines whether an organisation absorbs a shock or is overwhelmed by one.