Last night, a room full of business owners tried to answer a deceptively simple question: what does it mean to be resilient when you don’t know what’s coming next?
I’d been invited to Business Waverley—a local business forum—to give a fireside chat on cybersecurity, centered around resilience in the digital age. It’s also the thread running through the book I’m currently writing. But hearing the word spoken aloud, in that room, by people living it every day, gave it a different weight.
Because resilience is one of those words we use easily. It sounds solid. Dependable. Almost reassuring.
Until you ask what it actually means.
What Resilience Looks Like When It’s Not Theoretical
During the panel discussion, one question lingered longer than the rest: what does resilience really look like in practice?
The responses were anything but abstract.
Several spoke about the lasting impacts of COVID and Brexit—not as news events, but as lived disruptions. Supply chains fractured. Teams scattered. Plans dissolved overnight. And yet, businesses adapted. Not always smoothly, not always successfully at first, but persistently.
One answer, in particular, stayed with me:
Resilience is collaboration. Not endurance in isolation, but survival through connection. The idea that better solutions emerge when people come together, share openly, and support one another through uncertainty.
Uncertainty.
It’s an uncomfortable word. One we tend to rush past, solve for, or try to eliminate entirely.
But listening to the business owners in that room, I realised something: they weren’t trying to eliminate uncertainty. They were trying to build the capacity to act within it.
That’s a fundamentally different goal.
And in cybersecurity, it’s the difference between resilience and rigidity.
Why Defence Alone Isn’t Enough
In cybersecurity, we often default to a different image. We think in terms of defence, prevention, strength against attack. And while those things matter, they only tell half the story.
What became clearer to me, listening to the discussion, is that resilience doesn’t stand alone.
It’s built.
In the model I’ve been developing—inspired by Maslow’s hierarchy of needs, viewed through a cyber lens—collaboration sits at the very top. The fifth and final layer.
But it’s only possible because of what sits beneath it: leadership, culture, governance, and defence.
And culture—that second layer—is where resilience is quietly won or lost.
Because when an incident unfolds, the difference isn’t just technical. It’s human.
Will someone raise the alarm the moment something feels off? Will a team feel confident enough to pull the plug? Will bad news travel quickly—or get softened, delayed, or hidden?
Resilience depends on those moments.
It depends on psychological safety—on creating an environment where acting early is encouraged, not punished. Where being wrong is acceptable, but staying silent isn’t.
Without that, even the best tools and plans struggle to deliver.
The Moment Structure Runs Out
In cyber, minutes matter.
I’ve seen organisations lose millions in the gap between detection and decision—not because they lacked tools, but because someone hesitated to escalate bad news.
The difference between a minor disruption and a major breach often comes down to how quickly you can detect, decide, and act. You can’t wait for perfect information. You have to respond anyway.
That’s why resilience isn’t improvised in the moment—it’s rehearsed long before it. It lives in the scenarios you’ve planned, the responses you’ve practiced, the decisions you’ve already made under calmer conditions. It’s what allows teams to act with clarity when everything feels unclear.
And yet, no matter how well you prepare, reality rarely follows the script. There will always be something unexpected. And that’s where resilience takes on another form. Because resilience is also where structure runs out—and creativity takes over.
When the situation doesn’t match the playbook, you still have to respond. You still have to find a way forward.
Resilience as Reinvention
I’ve had to do that myself—stepping back at different points, reassessing the market I serve, and reshaping what I offer into something people not only need, but are willing to pay for.
Not perfectly. Not immediately. But deliberately.
And that, too, is resilience.
Not just absorbing shock, but using it. Seizing it as an opportunity.
Because whether you’re navigating geopolitical disruption, a global pandemic, or a cyber incident, the pattern is the same: disruption is inevitable. What defines you is how you respond—how quickly, how effectively, and with whom.
And in the digital economy, there’s something else at stake.
Trust.
It underpins every transaction, every interaction, every relationship. And it’s far easier to lose than it is to rebuild.
Resilience is what protects it.
When the Co-op faced a cyber attack last year, the threat actor used exactly the tactics you’d expect—social engineering—convincing calls to the IT helpdesk, plausible pretexts, attempts to gain system access. The kind of attack that has devastated other organisations.
The difference? The Co-op detected it within minutes.
Not hours. Not days. Minutes.
While the attack was still forming, before any real damage could occur, someone in their security operations center recognized something wasn’t right and acted immediately. No hesitation. No waiting for perfect confirmation. No layers of approval before pulling the alarm.
The result: 2,300 stores stayed open. Operations continued. Trust remained intact.
This wasn’t luck. It was the result of decisions made long before that phone call ever came in. It was a culture where frontline teams felt empowered to act on instinct. It was governance that gave them the authority to escalate without fear. It was rehearsal that meant when the unexpected happened, the response was immediate.
That’s resilience in practice.
Not the absence of threats, but the ability to move decisively when minutes are all you have—and to protect trust when everything else is under attack.
The Co-op’s resilience looked like speed. But speed was only possible because of everything built beforehand.
What Struck Me Most
What I took away from the evening wasn’t any single answer, but the shared understanding beneath them.
Resilience isn’t a capability you install. It’s a behaviour you enable.
It’s something you build, layer by layer. Something you practice. It’s structured. It’s human. And, when it matters most, it’s decisively fast.
Resilience in the digital age isn’t about removing uncertainty. It’s about being ready to act—even when you don’t have all the answers.
It’s about creating cultures where truth travels quickly. It’s about rehearsing decisions before crisis compresses time. It’s about maintaining trust when everything else is fracturing.
And perhaps most importantly, it’s about recognising that you can’t build it alone.
The business owners in that room understood this instinctively. The ones who survived COVID, Brexit, supply chain collapse—they didn’t do it through strength alone. They did it through connection, collaboration, and the willingness to adapt when the playbook no longer applied.
That’s the resilience the digital age demands.
Now I Want to Hear from You
What does resilience mean to you in the digital age?
Have you experienced a moment where structure ran out—and creativity had to take over?
Head on over to LinkedIn, join in the conversation and tell me in the comments.
PS. Photo credit to Berties Photography
