Last week I had the privilege of speaking at CSO ThreatScape 2026 in Manchester — an event dedicated to navigating the rapidly evolving cybersecurity landscape and the threats shaping tomorrow’s security strategies.
It was a day of genuinely good conversation. Not the kind where everyone agrees with each other to fill time on stage, but the kind where real challenges get surfaced and people push back on easy answers. That’s what made it worthwhile.
The Headline Nobody Wants to Hear
If there was one message that ran through the day — whether on stage, in the corridors, or over coffee — it was this: the threat landscape is accelerating faster than most organisations are responding to it.
That’s uncomfortable to sit with, but it’s the reality. AI is lowering the barrier for attackers at the same pace it’s raising capability for defenders. Digital ecosystems are becoming more interconnected and therefore more exposed. And the gap between what boards think is happening and what’s actually happening in their security posture remains stubbornly wide.
What Actually Makes an Organisation Resilient
Here’s what I’ve consistently seen — and what the conversations at ThreatScape reinforced: cyber resilience isn’t primarily a technology problem. It’s a leadership problem.
The organisations that recover well from incidents, that spot vulnerabilities before they become crises, that build cultures where security is everyone’s responsibility — they’re not necessarily the ones with the biggest budgets or the most sophisticated tooling. They’re the ones where leadership is engaged, where accountability is clear, and where the board asks the right questions.
Technology is table stakes. Leadership is the differentiator.
That means a few things in practice:
Boards need to get comfortable with discomfort. Asking hard questions about your security posture — and genuinely expecting answers — is not optional. It’s governance.
Collaboration across the C-suite matters more than most organisations act like it does. Security doesn’t sit neatly inside one function. It touches everything from procurement to HR to legal, and the organisations that treat it as a shared responsibility are meaningfully more resilient.
Adaptability beats rigidity every time. The threat landscape will keep changing. Organisations that build flexible, responsive capabilities — rather than static compliance frameworks — are the ones that hold up when things get hard.
A Word of Thanks
A huge thank you to the organisers for putting together an event that actually generated useful conversation rather than just content. Thanks to Matthew Treagus for a genuinely sharp discussion on stage, and to Georgina Owens for leading proceedings with real clarity and focus.
And a personal thank you to colleagues Jo Ingram and Jamie McCready for making the trip across — your presence made the day better.
The Conversation Continues
The work of building genuinely resilient organisations doesn’t end when a conference does. If you’re thinking about how your organisation approaches cyber risk — whether that’s governance structures, board-level accountability, or the practical gap between policy and practice — I’m always happy to continue the conversation.
That’s exactly the kind of work Fredian Shield was built for.
Neil Manfred is the founder of Fredian Shield, a specialist consultancy helping regulated organisations adopt AI and technology responsibly. He is a Certified Director of the Institute of Directors and a Non-Executive Director in public education.