Skip to main content

Cyber Resilience on the Board Agenda

·
Technology Digital-Transformation Board-Governance Risk-Management
John Januszczak
Author
John Januszczak
Bridging technology, capital, and leadership for the next generation of transformative ventures

In 2026, cyber resilience is not an IT line item, it’s a company’s ability to keep earning revenue and keep its license to operate during chaos. If you can’t explain it in time-to-impact and time-to-recover, you don’t have a strategy. You just have tools.

Resilience is a financial variable, not a tech feature. It directly affects: cost of capital, revenue continuity, and insurance economics. Jump to the 16:43 mark to see where I share how investors are increasingly trained to ask about cyber resilience.

Beyond the Firewall: Cyber Resilience as a Boardroom Strategy
#

Cybersecurity is often mistakenly relegated to the “IT basement” and viewed merely as a technical hurdle or a defensive cost. However, in this panel discussion, “Cyber Resilience on the Board Agenda,” we shifted the narrative. True resilience isn’t just about preventing a breach; it’s about an organization’s ability to withstand, respond to, and recover from incidents while protecting enterprise value and stakeholder trust.

The Shift from Cost to Capital
#

Cyber risk has evolved into a fundamental enterprise risk. As losses from cybercrime continue to climb, reaching billions in the Philippines alone, the conversation must move away from “compliance theater” and toward business impact, recovery speed, and financial stability.

Resilience as a Proxy for Leadership
#

Throughout the session, I brought a “builder and operator” lens to the topic, drawing from his experience scaling fintech ventures and raising capital. Cyber resilience is far more than a checkbox for compliance; it is a critical indicator of management quality.

Key highlights:

  • Revenue Continuity: Investors value companies based on their ability to maintain revenue. Therefore, cyber resilience is essentially a strategy for revenue continuity. If you cannot demonstrate a clear path to recovery, you don’t have a strategy. You have “compliance theater.”

  • A First-Class Due Diligence Item: While the venture ecosystem in Southeast Asia is still maturing, I predict a shift where cyber posture becomes a significant factor in valuations and deal terms.

  • The “Forest for the Trees”: Leaders are cautioned not to get lost in the technical weeds of malicious attacks. Many resilience failures stem from the maturity of technology choices and internal processes, rather than hackers.

  • Investor Confidence: The way a team handles cyber stress is a direct proxy for how they handle any major business crisis, making it a vital component of investor trust.

Key Takeaways for Leaders
#

  1. Stop talking threats, start talking services: Move the conversation from “ransomware” to “system availability.”
  2. Focus on Decision Resilience: As the panel noted, the real failure in a crisis often isn’t the tech, it’s the hesitation at the leadership level.
  3. Fund it Early: Like liquidity, you don’t build a buffer during a crisis; you fund it and measure it relentlessly during the quiet times.