Senior risk, resilience and security leaders gathered at the National Liberal Club to discuss what organisational resilience looks like in practice, covering decision-making under pressure, governance, recovery planning, supply chain vulnerabilities, AI, culture and crisis preparedness.
In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.
Due diligence isn’t just a box to tick – it’s where risks surface. Done properly, it reveals the small issues that often lead to bigger failures later.
From Phishing to Deepfakes, here are ten of the biggest cyber security risks that UK businesses should be thinking about in 2026.
At Toro, business continuity is treated as an operational capability rather than a compliance document.
FCA CP24/28 will change how firms report operational incidents and manage critical third parties. What’s changing and why security teams should act now.
If one supplier experiences a security breach or operational failure, the impact can spread quickly through your business. That is why third party risk management is now a critical part of building organisational resilience.
