ChatDPS

Episode 48: The 2025 Cybersecurity Wrap-Up: Breaches, Blunders & Lessons for the New Year

Reflecting on the Year: Leadership, Accountability and the Real Cost of Cyber Crises

As the year draws to a close, Episode 48 of ChatDPS steps back to reflect on the defining cybersecurity and crisis management moments of the past 12 months.

Hosts Nick Lovell, Adam Cunningham and Robert Feldman revisit the stories that shaped 2025 — from exemplary crisis leadership to communication missteps, from regulatory muscle-flexing to a jewel heist that reminded us security is never just digital.

Running through every discussion is a consistent theme: preparation, values and accountability matter more than ever.

The Power of Preparation: When Crisis Management Works

One of the standout reflections was the handling of the Norsk Hydro ransomware attack, discussed earlier in the year. When the crisis struck in the middle of the night, the organisation acted decisively — holding a press conference within hours and executing a well-rehearsed incident response plan.

The result was transparency, confidence and even renewed market trust.

Nick emphasised that crisis success does not happen by accident. It comes from having a clear playbook and the discipline to execute it under pressure. Adam reinforced the point: organisations that invest in training, governance and response frameworks transform cybersecurity from an unpredictable threat into a manageable business risk.

Preparation reduces panic.

Clarity reduces chaos.

Leadership builds trust.

Qantas: When a Plan Isn’t Enough

The episode also revisited Qantas’ recent data incident — a case that drew significant public and political scrutiny.

While the airline initially communicated strongly, updates became inconsistent and clarity faded. Customers were left seeking answers, and frustration grew. The issue was not simply technical; it was cultural.

Nick observed that having a crisis plan is insufficient if it is not grounded in an organisation’s values. A plan without alignment to purpose and principles quickly becomes hollow. When pressure rises, that disconnect becomes visible, and trust erodes.

Robert added that community expectations are continuing to rise. Customers expect timely updates, transparency and accountability. When organisations fail to meet those expectations, it reflects not just a communications problem but a leadership and governance failure.

“When you invest in crisis management properly, cybersecurity becomes manageable rather than something to fear.”
Adam Cunningham

The Louvre Heist: Security Is Physical Too

In a lighter but instructive moment, the team discussed the Louvre jewel robbery — a story almost cinematic in execution. Thieves reportedly entered disguised as maintenance staff and exited within minutes, taking priceless crown jewels.

It is humorous on the surface, but deeply revealing.

The story served as a reminder that cybersecurity is only part of the equation. Frameworks such as ISO 27001 require organisations to consider physical security as a core component of their information security management systems.

Digital crown jewels matter.

But sometimes they are actual crown jewels.

Access control, premises security, visitor management and data centre protections remain fundamental to a resilient security posture.

The Market Recovers — But Legal Risk Lingers

Adam shared data showing that organisations often experience only a modest share price decline following a breach, typically recovering within a couple of months.

However, Robert provided the essential counterpoint.

Markets may move on quickly. Regulators and class action lawyers do not.

Investigations, enforcement proceedings and shareholder actions can take years to resolve. The “long tail” of a data breach often carries far greater financial and reputational consequences than the initial market reaction. The true cost frequently lies not in a temporary 1.5% dip, but in years of reputational strain, regulatory scrutiny, litigation expense, executive distraction and cultural impact.

Prevention, as Nick summarised, is unquestionably better than cure.

Looking Ahead to 2026

As the episode concludes, the message heading into 2026 is clear.

Regulators are more assertive.

Community expectations are higher.

Legal exposure is expanding.

Governance failures are increasingly visible.

Resilience is not built in the middle of a crisis. It is built long before it.

The stories of the past year demonstrate both ends of the spectrum — what happens when preparation and values align, and what happens when they do not.

Cybersecurity is no longer simply an IT issue. It is a leadership issue, a governance issue and, ultimately, a trust issue.

The organisations that recognise this now will be the ones best prepared for whatever comes next.