After years of crisis-driven reaction, it’s time for business leaders to embed protection into the core of strategy—or risk losing more than just data.
Since the onset of the Covid-19 pandemic in 2020, cybersecurity—much like business at large—has been caught in a relentless storm of short-term crises and tactical responses.
First came the pandemic itself, forcing organizations to rapidly scale remote work, secure new digital perimeters, and battle a surge in cyberattacks—all under the weight of global uncertainty.
Then followed the aftermath, marked by geopolitical tensions, disrupted supply chains, and a sharp rise in sophisticated ransomware attacks targeting virtually every sector.
And finally, the generative AI explosion, kicked off by the release of ChatGPT in late 2022, triggered a new wave of shadow IT. The scale and speed of its adoption have dwarfed even the cloud computing boom of 15 years ago—unleashing more complexity, more risk, and more confusion.
Alongside these systemic shifts, isolated but impactful incidents added fuel to the fire:
- The CrowdStrike episode in mid-2024—not strictly a cybersecurity breach, but a wake-up call on crisis management and business continuity.
- Rising political and fiscal instability across key economies like France, the UK, and the U.S.
- And the ongoing specter of geopolitical volatility, creating a perpetual sense of instability.
Much of this was neither predictable nor preventable. Cybersecurity, like many functions, tends to mirror broader business cycles. But in doing so, many security leaders—particularly CISOs—have found themselves stuck in a perpetual firefighting mode, unable to push toward true maturity.
This reactive posture has only worsened long-standing challenges in the cybersecurity space, reinforcing the so-called “spiral of failure” that’s plagued the industry for two decades. It’s also inviting increased regulatory scrutiny, a market reaction to repeated breaches and the perceived inadequacy of business responses.
Despite all this, many companies still show no real signs of a long-term strategy. Compliance is treated as a checkbox. Cybersecurity is siloed under IT. Risk is compartmentalized instead of being integrated across the enterprise.
But the nature of risk has changed. The interconnectedness of modern business—made even more intense by pandemic-driven digitization—means that cyber threats can no longer be contained within traditional silos. Incidents like CrowdStrike’s have shown us that cybersecurity now underpins business continuity.
And that means the response must be strategic, cross-functional, and led from the top.
Right now, we’re stuck in a loop of tactical responses. Everyone talks about “resilience,” but the term has become vague—more consultant-speak than operational reality. At best, it answers the “what” of change. Rarely does it address the “how.”
Here’s how: Businesses must embed protection as a core ethical pillar of strategy.
This isn’t just about compliance. It’s about ensuring the business can function under stress, maintaining digital trust, and safeguarding brand equity and shareholder value over the long haul.
Yes, it’s a shift. But it’s also common sense.
Good leadership today means championing business protection from the top—and embedding it into the culture at every level. Because in the digital age, security is no longer a technical concern. It’s a strategic imperative.
JC Gaillard is the Founder and CEO of Corix Partners, a London-based Boutique Management Consultancy Firm and Thought-Leadership Platform, focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.
He is a leading strategic advisor and a globally recognised cyber security thought-leader with over 25 years of experience developed in several financial institutions in the UK and continental Europe, and a track record of driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation.
French and British national permanently established in the UK since 1993, he holds an Engineering Degree from Telecom Paris and has been co-president of the Cyber Security group of the Telecom Paris alumni association since May 2016.