Full Day Cyber Risk & Resilience Board & Executive Awareness Course



Course Duration: 1 day

Next virtual course:  enquire for availability

Next classroom course: enquire for availability

If you have 5 attendees you wish to attend this course, contact to arrange a specific date for a course.

The APMG International and swirl device logo is a trade mark of the APM Group Limited, used under permission of the APM Group Limited. All rights reserved.

This course is assured in association with the National Cyber Security Centre.


This course aims to provide delegates with the opportunity to explore and discuss cyber risk and resilience and how to provide effective governance, risk management and strategic implementation.

This course is for…

Board members including Non-Executive Directors and Executive Managers who need to provide governance and implement strategy for cyber risk, including data protection and resilience.

Course Objectives

The course objectives are to provide better:

  • Understanding of the business issue and context of cyber risk & resilience;
  • Understanding of how to structure cyber risk & resilience strategy, governance, risk management and capability;
  • Understanding of cyber risk & resilience governance, risk management paradoxes, decision-making and questions to ask

One day workshop agenda

Part 1 The Business Issue “What is going on here?” Addressing the core strategy question of not just deciding what to do, but the more fundamental issue of comprehending the situation; and why resilience is an imperative. This will include hard trends (will happen) of opportunities and dangers and the associated paradoxes, VUCA (volatile, uncertain, complex and ambiguous) regulatory, legal and geo-political environment in the UK, USA and internationally.

Part 2 The Value of Information A short exercise to consider the value of information for business, therefore what needs to be enabled and protected by resilience.

Part 3 “Making it Real” A simple scenario exercise, to consider a technology based business investment for a new business service, to consider the risk and return on

investment, before stepping through a a simple breach of that service and whether that changes delegates understanding of the risk?

Part 4 Strategy and Capability Development An approach based upon UK NCSC Capability Assessment Framework (CAF) and US NIST Cyber Security Framework (CSF),

including the use of scenario testing to understand and manage risk.

Part 5 Next Steps Discussion and a simple set of leading questions for boards to ask of themselves and their organisations.

About your trainer – Richard Preece

  • A co-opted core panel member of the British Standard (BS) 31111 Cyber Risk and Resilience Guidance for Boards and Executive Management.
  • A chapter author for Managing Cybersecurity Risk – Case studies and Solutions.
  • A chapter author for Managing Cybersecurity Risk – How Directors and Corporate Officers can protect their businesses.



Virtual – Contact to arrange, Classroom – Contact to arrange

Shopping Basket