November 25, 2025

S36 Ep12: Steve Durbin - Cyber Governance in Transition: What Boards Should Do Next

14 minutes

In today's episode, Steve sits down with journalist Nick Witchell for a conversation focused on what business leaders can learn from this year's major cyber attacks and the recent AWS outage. The two also discuss cyber regulations and the challenge of operating global enterprise during significant geopolitical turmoil.

Key Takeaways:

Boards and senior executives understand there is a threat, but many still lack knowledge of how to deal with it.

We are too reliant on technology; for the sake of business continuity, a backup plan must be in place.

High-quality simulation exercises are a crucial step toward more cyber resilience.

Tune in to hear more about:

The role of policy and regulation (3:17)

Why cyber simulation exercises are so important (5:45)

Steve’s thoughts on the recent AWS outage (7:54)

Standout Quotes:

“Now, in the boardroom itself, in companies themselves, we have seen over the past few years an increasing awareness of the threat that these kinds of things can bring to really the future of an organization. But the challenge I think we now face is really helping boards, senior executives to transition from, yes, I get there's a threat, but what should I actually be doing about it?” - Steve Durbin

“I think that in the main, cloud service providers are still probably far better equipped to provide the level of service that most companies need than you'd be able to do yourself. However, we do need to take into account that things will go wrong. And we have to plan for that. So if you are an organization that can quite happily exist without access to data in a cloud provider, it doesn't have to be Amazon, it could be anybody else, then fine. I would question why you're using them in that case. If on the other hand, you are dependent on them, you have to have some backup in place.” - Steve Durbin

“All too often I'm seeing people particularly in the area of, say, cyber simulation exercises, because they're viewing it as a compliance exercise, going for least cost. That to me is a bit like saying I've just moved into an area where I know the burglary rate is quite high. What's the cheapest lock and door that I can get on my front door? It's madness. Not many of us would do it. We would try to work within our budget. We'd try to really figure out how important things were in our house. That's the mentality we have to adopt. So yes, you can get some of these things done very cheaply and you can tick a box, but it's not going to help you when things go wrong.” - Steve Durbin

Read the transcript of this episode

Subscribe to the ISF Podcast wherever you listen to podcasts

Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

...more