How should companies approach cybersecurity as an entire business strategy?
Nick Godfey: There are two key things: First, understand the interplay between technology architecture and security posture. You can’ t bolt security products onto 30-year-old architectures and get good outcomes. Think about combined technology spend – is money better on security budgets or IT modernisation? Second, there’ s no senior executive I’ ve worked with who doesn’ t buy into security. The question is how, how much, and how they help make it a whole-of- business consideration.
Justin Kuruvilla: The narrative that senior execs don’ t recognise cyber risk as business risk is old in 2025. Everybody gets it now. It comes down to resilience. Your entire security shouldn’ t depend on whoever answers the phone first. I wouldn’ t want my parents in charge – their passwords are Justin1, Justin2, Justin3 despite me telling them otherwise. There’ s no silver bullet. It’ s people, processes and technology, recognising that people aren’ t infallible.
Stuart Seymour: For me it’ s about risk and resilience – understanding your company’ s risk appetite, what’ s tolerable versus intolerable. Security done badly is the worst thing in the world. The question I hate most is‘ are we secure?’ Because the answer is no. To secure a company, you’ d smash everyone’ s phones and laptops, put them in a Faraday cage, bury them in the garden – but that’ s not much use. Every pound spent modernising IT also improves security.
106 July 2025