Login

Promote Your Company       |     Contact

Independent Cyber News.

Monday Morning Quarterbacking. Why Everyone Thinks they can Run a Cyber Crisis
Crisis Management | Executive Communication | Leadership | Security Operations
Posted: Monday, May 18
  • KBI.Media
  • $
  • Monday Morning Quarterbacking. Why Everyone Thinks they can Run a Cyber Crisis
Karissa Breen, more commonly known as KB, is crowned a LinkedIn ‘Top Voice in Technology’, and widely recognised across the global cybersecurity industry. A serial entrepreneur, she is the co-founder of the TMFE Group, a portfolio of cybersecurity-focused businesses spanning an industry-leading media platform, a specialist marketing agency, a content production studio, and the executive headhunting firm, MercSec. Now based in the United States, KB oversees US editorial operations and leads the expansion of the group’s media footprint across North America, while maintaining a strong presence in Australia, and the broader global market. She is the former Producer and Host of the streaming show 2Fa.tv, and currently sits at the helm of journalism for the group’s flagship arm, KBI.Media, the independent cybersecurity media company. As a cybersecurity investigative journalist, KB hosts her globally-renowned podcast, KBKast, where she interviews leading cybersecurity practitioners, CISOs, government officials including heads-of-state, and industry pioneers from around the world. The podcast has been downloaded in over 65 countries with more than 400,000 global downloads, influencing billions of dollars in cybersecurity budgets. KB is known for asking the hard questions and extracting real, commercially relevant insights. Her approach provides an uncoloured, strategic lens on the evolving cybersecurity landscape, demystifying complex security issues and translating them into practical intelligence for executives navigating risk, regulation, and rapid technological change.

i 3 Table of Contents

Monday Morning Quarterbacking. Why Everyone Thinks they can Run a Cyber Crisis
From Karissa Breen

When a cyberattack hits, most organisations think the real battle is all technical. They’re wrong.

According to Lisa Black, Director of Public Sector at Aeon Nexus, the real collapse often starts long before systems are restored and it has nothing to do with code.

“Threat actors exploit confusion more than code,” Black said. “The loss of confidence in an organisation moves faster than any malware.”

Ms Black laid out a the reality that’s facing governments, corporations and critical infrastructure providers in 2026. Pretty much, many organisations still fundamentally misunderstand what a cyber crisis actually looks like once it begins.

And when panic sets in, leadership and not technology becomes the deciding factor.

According to Black, the first hour after a major breach or disruption often determines whether an organisation regains control, or spirals into absolute chaos.

“That first hour shapes the next several months,” she explained. “It sets the tone… either calm or crisis.”

But while boards and executives often expect technical teams to solve the problem immediately, Black says the bigger issue is operational paralysis. Who’s making decisions? Who’s communicating? What systems matter most?

And perhaps most critically, who can people actually trust?

“Most leaders underestimate how fast trust in their own organisation erodes internally,” Black said.

That erosion spreads quickly when employees can’t access systems, communications break down and conflicting information starts circulating internally.
Complicating matters even further is the public scrutiny that now surrounds every major cyber incident, as everyone suddently ‘becomes an expert’.
Social media, mainstream media, competitors and online commentators all rush to dissect what went wrong, often before the full picture is known.
Black says leaders need to expect criticism from every direction.

“Everybody’s going to criticise everything you do,” she said. “We call it Monday morning quarterbacking.”

Misinformation can spread almost as quickly as the attack itself, by armchair coaches. That’s why communication discipline has become one of the most important parts of crisis management.

“Silence creates panic,” Black warned. “It leaves room for others to fill the vacuum.”

But that creates another challenge. Legal teams often push to limit public statements, fearing lawsuits or regulatory consequences, while media outlets like ours demand immediate answers.

Trying to please everyone, results in pleasing no one and organisations become trapped between saying too much and saying nothing at all.
Interestingly, when technology undoubtedly fails, people forget how to function. Black recalled scenarios where organisations were forced to revert back to manual operations almost overnight.

Police officers struggled without GPS systems. Government departments returned to paper processes. Employees had to relearn how to use fax machines.

“It’s not really about the data we lost,” Black said. “It’s about the loss of ability to function.”

These incidents expose the entire generations of workers have been conditioned to rely almost entirely on technology to do their jobs.

And when those systems disappear, many organisations discover they no longer have the operational resilience they thought they had – just two left feet.
Every organisation should assume they will eventually face a serious disruption.

“It’s a matter of when, not if this is going to happen to you,” she said.

That means traditional ‘tick the box’ exercises and annual compliance drills are no longer enough.
In fact, Black believes many cyber training programs are fundamentally flawed because they’re too predictable.

“If your cyber training is comfortable, it’s lying to you,” she said.

Instead, she argues companies need to train for confusion, ambiguity and operational failure, not just technical compromise.
Because in a real life incidents, leaders rarely have perfect information.

They’re forced to make fast decisions under pressure, while systems fail, staff panic and the outside world watches in real time and judges.
As AI pushes organisations to operate pedal to the metal and become even more dependent on systems, Black believes the risks are only going to get worse.

And while businesses continue investing heavily in cybersecurity technology, many are still underinvesting in leadership preparedness.

More From This Contributor

No results found.
All Press Releases

Other Recent Articles

No results found.
Article Archives
Share This