Skip to main content
Beyond the Firewall 1
Illustration by Kouzou Sakai

Beyond The Firewall

Leadership and Governance Insights for Cyber Resilient Organisations

Read our new research on the evolving state of global cyber governance

"Security, privacy, data, resilience, AI ethics - they all end up on my desk."

CISO of a US tech company

Combining practitioner-led advisory, proprietary research, and investment foresight, we help bridge the gap between business strategy and cyber risk. Through our ecosystem of world-class experts, innovative portfolio companies, and leading academic partners - including Cambridge and Oxford - we anticipate what’s next, outpace cyber threats, and enable our clients to protect value, accelerate growth, and transform their businesses with confidence.

01

What responsibilities are creeping into the remit?


We are building a new model for cybersecurity. Beyond traditional advisory services, we convene and invest in emerging cyber companies and venture funds - giving us a unique vantage point to identify and integrate cutting-edge innovation directly into our work. This dual lens offers a panoramic view of the evolving threat landscape, enabling us to deliver solutions that are both proactive and forward-thinking.

02

How well prepared are CISOs to take on these expanded roles?


We combine the scale and rigor of a large-scale consultancy with the agility and specialised insight of a focused cyber firm. Our team has helped some of the world’s largest organisations solve their most complex cybersecurity challenges.

03

What enablers do CISOs, CEOs and boards need to ensure next-generation cyber resilience?


Compliance frameworks need to be more than a tickbox exercise; they must serve as a shared language that allows boards to govern autonomous systems they may not fully understand.

Emerging global themes

01

Lack of shared language

The lack of shared language for effective understanding and management of cyber risk and metrics for successful cyber governance.

02

Conflation of compliance

The conflation of compliance frameworks and resilience planning leading to narrow metrics of success that could leave the company vulnerable.

03

Lack of mechanisms

A lack of mechanisms to fully visualise supply chain risk across complex supply chains.

04

Unrealistic expectations

Unrealistic expectations of CISOs bandwidth and skillsets with them taking on responsibilities from “shrink” to “diplomat.”

05

Increased pressure

Increased pressure from fragmented and misaligned governance requirements is leaving leaders to juggle complex compliance obligations in multiple jurisdictions.

24 hours of conversations with leaders across the industry

"Cover is shrinking; you can't transfer reputation"

Deputy CISO, Multinational Bank

Expert Advice

Recommendations for boards

01

Create a bridge between the CISO and the board through dedicated interdisciplinary cybersecurity committees that can help provide a 360 degree view of the risk of board members with some cyber experience.

02

Recognise that building cyber resilience is a “whole-of-organisation” endeavour with platforms and processes for continuous cyber literacy training throughout the organisation at all levels.

03

Develop mechanisms for a unified and enterprise-wide governance approach for addressing diverse compliance obligations.

04

Build a culture of responsible cyber governance as a business enabler with a clear plan for preserving accountability towards and trust of stakeholders in the event of a cyber incident.

Recommendations for CISOs

01

Advocate for cyber security needs and challenges using frames and language that resonate with board interests and priorities. Appeals to strategic business imperatives and reduction of liability will land more strongly than technical evidence.

02

Seek support for new partnerships that can help increase visibility of supply chain risk and build towards managing ecosystem level risk.

03

Ensure access to continuous professional development on cyber governance and leadership for cyber governance for the CISO team.

In Summary

In a volatile and uncertain world, any organisation can find itself exposed to malicious, opportunistic or ideologically motivated threat actors.

 

Increasingly, these actors aim not only to disrupt individual organisations, but to create wider societal impact in the jurisdictions where they operate. Responding to adversaries that are creative, persistent and increasingly enabled by new technologies cannot sit solely with one CISO and a technical team.

Cyber resilience now demands a new approach to governance. It must be shared across leadership, embedded in decision-making, and treated as a foundation for long-term stability and growth. This is no longer optional. It is a strategic imperative and a collective responsibility.

Unlock the full report

Once you submit this form, you will able to download the report.

Published by

The Author

Dr. Simon Learmount

Cambridge Judge Business School

Dr. Simon Learmount

Cambridge, UK