C4D Insights

C4D Insights provides practical commentary on cyber governance, cyber risk and GRC (Governance, Risk, Compliance) for board directors, trustees, company secretaries and C-suite leaders aiming for effective oversight.

Cyber Crisis Governance: what the board should rehearse
Susanne Alfs

Many organisations do not have a formal cyber incident response plan. That reality matters, because you cannot rehearse decisions at pace if the basics, such as roles, escalation routes and reporting triggers, are not written down. Testing cyber crisis governance by engaging the board in a cyber exercise is essential for a viable and dynamic incident response plan, and it achieves much more by bolstering the board’s confidence that it is ready.

What does it take to be ready?
Susanne Alfs

Boards often find themselves overthinking the cyber threat landscape – poring over heatmaps and risk lists, yet still unsure what it really means for readiness. This article suggests a different starting point: asking “What happens if this fails?” and using impact analysis to focus on critical services, stakeholders, and practical resilience.
