Insight

Preparing for disruption: building World Cup level resilience

Published July 9, 2026

  • Cybersecurity
football stadium at night

Key Takeaways

  • Digital sovereignty is becoming a strategic priority: understanding dependencies is essential to maintaining control.
  • Visibility drives resilience: knowing your critical assets and exposures enables faster, better-informed decisions.
  • Resilience must be built before disruption occurs: testing and preparation turn uncertainty into a manageable risk.

Understanding dependencies, preparing for disruption, and making smart long‑term choices

Geopolitical disruption is no longer a distant consideration. Much like global events such as the World Cup, organisations must now operate in environments defined by scale, speed and constant uncertainty.

Over the past few years, organisations have faced an accelerating series of large-scale events, from pandemics to armed conflicts and regulatory shifts. While these risks have always existed, their likelihood has materially increased, forcing organisations to rethink how they operate, where they depend, and how they remain in control.

This evolution is reshaping the very foundations of resilience. It is no longer sufficient to react when disruption occurs. Organisations must actively understand and manage and dependencies, particularly as digital sovereignty becomes a central concern.

In our recent 2026 Cybersecurity Benchmark  (open in new window), it was revealed that 50% of respondents have implemented a cyber resilience measures, improving by 3% compared to last year through stronger preparedness measures. The results highlighted that organizations are developing their cyber insurance policies, increasing crisis management exercises, and intensifying restoration testing, thereby improving their ability to ensure business continuity in the face of major incidents. However, this remains a key area of risk within the overall cybersecurity landscape.

In this article, we explore both reactive crisis response and proactive resilience strategies, drawing on real client cases. Together, they highlight a critical shift: resilience must evolve from response to control.

A new reality:
from resilience to digital sovereignty

Geopolitics is now a core driver of digital risk. What was once considered a technical or operational topic (data hosting, cloud providers, infrastructure) has become a board-level concern linked to sovereignty, regulation and trust.

What is digital sovereignty?

Digital sovereignty is the organisation’s ability to retain control, decision‑making power, and operational independence over its critical digital assets (including data, infrastructure, and technologies) by understanding and actively managing dependencies on external providers, jurisdictions, and ecosystems.

Digital dependency today is shaped by several structural forces:

  • Increased regulatory pressure on data localisation and sovereignty
  • Concentration of technology providers and vendor ecosystems
  • Extraterritorial legislation (e.g. exposure to foreign laws depending on provider origin)
  • Rising geopolitical tensions impacting access to services, talent and infrastructure

As a result, organisations are facing a new type of question:

How do we maintain control over our operations in an increasingly fragmented and uncertain environment?

Crucially, digital independence is not about eliminating dependencies. It is about making informed, strategic choices, balancing resilience, cost and operational realities.

3 priorities for leaders

  1. Understand your exposure: Understand what is truly vital, then map critical assets, systems and data flows. Identify geopolitical dependencies across operations.
  2. Strengthen short-term readiness: Ensure crisis response capabilities are robust and tested. Prepare for disruption scenarios, including supplier and regulatory shocks.
  3. Build resilience by design: Integrate sovereignty and dependency considerations into strategy. Redesign operating models to balance efficiency and control.

Resilience in practice

The following client examples highlight three different approaches to building resilience. responding to disruption, understanding dependencies before a crisis occurs, and testing preparedness through realistic exercises. Together, they illustrate the shift from reactive crisis management to proactive control.

shopping trolley in aisle

A sudden geopolitical shock: resilience by design in real time

A global consumer goods organisation faced an immediate disruption. A business unit became exposed to a hostile geopolitical context following a change of control. This introduced a critical risk, loss of control over IT systems and sensitive data.

The organisation chose to maintaining operations while managing exposure, prioritising continuity while managing risk.

The first priority was to secure the critical assets required to continue operating. The Minimum Viable Company (MVC). Having clear, pre-defined view of critical assets is vital at this stage, where time is critical.

The crisis exposed several structural gaps:

  • Unclear crisis governance and decision-making frameworks
  • Lack of a unified view of critical assets
  • Limited segmentation capabilities across systems
  • Absence of predefined legal and regulatory guidance
  • Organisational tensions across geographies

Executing at speed and accelerating separation. Our client had to execute an accelerated carve-out and compress a typical multi-year programme into weeks. Without preparation, organisations are forced to design resilience in real time, when the margin for error is lowest.

From scenarios to decisions: making resilience actionable

In contrast, a global manufacturer recognised that its highly globalised model, spanning multiple regions, systems and supply chains, which created significant exposure to geopolitical disruption.

Rather than waiting for a crisis, the organisation sought to understand and manage its dependencies strategically.
The proactive approach was operationalised through scenario-based stress testing.
By simulating realistic geopolitical events, such as supply chain disruption, regulatory constraints or data access restrictions, organisations can:

  • Quantify business impact across functions
  • Assess current capabilities
  • Prioritise investments and actions

These exercises also create alignment across stakeholders, from IT to business leaders, enabling faster and more informed decision-making.

forklift in warehouse
skyscrapers

From simulation to action: testing resilience in practice

A geopolitical crisis exercise delivered for a financial services client demonstrates how organizations can move from theory to action through realistic testing.

A dynamic, scenario-based exercise was designed to replicate real-world disruption, using structured events (“injects”) such as emails and customer interactions to simulate pressure in real time.

Delivered across multiple sessions with over 60 participants, the exercise enabled teams to coordinate responses using crisis management tools while being observed and assessed against predefined KPIs.

A structured debrief followed, identifying key gaps and producing targeted recommendations, including immediate “quick wins” to strengthen resilience.

This example highlights a critical principle that resilience cannot be built in theory alone. It must be tested, measured and continuously improved through realistic, scenario-based exercises.

By simulating disruption in a controlled environment, move from reactive response to proactive, coordinated control under pressure.

How to succeed

The organisations that will succeed in this environment are not those that eliminate risk, but those that understand it, control it and plan for it. Resilience is no longer just about recovery. It is about anticipation, strategic choice and sustained control in an unpredictable world.

Discover our cybersecurity expertise  (open in new window)

Contact us

Share this content