---
id: "action-shift-to-resilience"
type: "action-item"
source_timestamps: ["§ What boards should do:"]
tags: ["operational-resilience", "board-metrics"]
related: ["concept-airline-safety-analogy", "framework-board-cyber-engagement", "concept-compliance-security-conflation"]
action: "Confirm organizational cyber efforts prioritize business continuity and resilience over narrow technical control testing."
outcome: "A security posture aligned with long-term competitiveness and operational survival."
speakers: ["Jeffrey Proudfoot", "Stuart Madnick"]
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-cl-83-boards-cybersecurity"
sourceUrl: "https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity"
sourceTitle: "Boards Are Falling Short on Cybersecurity"
---
# Shift Focus from Technical Controls to Resilience

## Action

Confirm that organizational cyber efforts prioritize **business continuity and resilience** over narrow technical-control testing.

## Detail

Directors must demand confirmation from executives that the organization's cyber efforts and culture are fundamentally focused on **resilience and business continuity**. This means moving away from a compliance-driven emphasis on implementing and testing specific technical controls — the core of the [[concept-compliance-security-conflation]] — toward the consequence-driven posture modeled by the [[concept-airline-safety-analogy]]. It operationalizes step 2 of [[framework-board-cyber-engagement]].

## Expected outcome

A security posture aligned with long-term competitiveness and operational survival.
