There’s no such thing as 100% security. Accidents happen and damage occurs. This is as true for digital technology as for anything else. Cyber breaches can happen. Critical systems can fail. Reputations can be damaged online. Resilience is about enabling organisations to predict and respond to this damage and indeed to move from surviving to thriving. In this, resilience is not just another name for business continuity; it goes further and deeper.

And because accidents happen, resilience is essential. It takes effort to make an organisation resilient. First, you need to understand the risks you face, how they can be minimised, and how best to respond when incidents happen. Plans need to be drawn up and they need to be tested, partly to see if they work, partly to give people the experience of handling a crisis. Stress must be managed. Communication handled positively, internally and externally. And when the worst happens, reviews must be undertaken so that learnings can 219be found. None of this happens naturally. It takes leaders who know they are accountable and who have a vision of what good resilience looks like.