Real resilience happens when teams actually talk to each other, argue Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk, at the consultancy, Toro Solutions.
ย
Resilience is one of those words everyone uses, but not everyone means the same thing by it. For some organisations, itโs about getting back to normal after something goes wrong. For others, itโs about staying operational no matter what. In reality, resilience is a blend of both. Itโs the ability to stay steady when things go wrong, adapt to changing conditions and keep your core services moving.
But hereโs the part that is often forgotten. Resilience is not something you build through documents, platforms or templates alone. Those things help, but theyโre not what save you in the moment. When pressure hits, resilience shows up in people. In how well they communicate, in how quickly they share information and in how confidently they act when the situation becomes more complex. And this is where many organisations struggle, not because they lack expertise, but because their expertise is locked inside silos and those silos arenโt communicating with one another effectively.
Silos make organisations slower, more fragile
ย Think about how most companies are structured. Cyber security focuses on digital threats. Physical security protects buildings and people. HR handles workforce issues. Ops keeps the lights on. Each team gets on with its own job, which makes sense in theory. But attackers donโt follow that structure.
A cyber criminal might switch to social engineering if a technical attack fails. Someone planning a physical intrusion might first gather information online. A disgruntled insider might cause digital and operational issues at the same time. Meanwhile, the early clues rarely show up in one neat location. IT might see weird login attempts. Security might notice an access card going missing. HR might pick up a worrying behaviour change. Individually, none of those things feel urgent. Together, they could be a warning sign. The problem is that most organisations only put the pieces together when teams finally start talking, usually after things have already escalated. The result is that teams do their jobs well, but the organisation struggles to see the full picture.
Convergence is not a restructure, itโs a shift in how people work
The word convergence sometimes conjures up the picture of a major organisational redesign. In reality, itโs much simpler and far more practical. Convergence means teams start connecting the dots. It means sharing context, not just data, and understanding how one teamโs risks impact another.
You do not need a single โsuper team.โ You need experts who can explain what theyโre seeing in a way others can use. People who understand their own domain and can translate it into something meaningful for someone in another discipline.
One organisation we supported didnโt change its structure at all. The only thing they did was combine physical and cyber incident information into a shared space. Thatโs it. Suddenly, the patterns were obvious, a spike in phishing emails, a missing entry card and strange activity on a secure door were not three unrelated issues anymore, they were part of the same story.
Thatโs the power of convergence. It lets you see what is really happening rather than what seems to be happening within each department.
People, not plansย
ย Itโs natural to think resilience comes from plans, playbooks and formal procedures. These things absolutely matter, but they only get you so far. Real-world incidents rarely unfold exactly as imagined on paper. People forget steps, communication slows down, or the wonderful platform everyone relies on isnโt accessible because the outage is affecting it too.
This is why the strongest resilience programmes are the ones that focus on people first. When teams practise together, they get better at working together. They build confidence. They get used to hearing each otherโs language. They figure out where decisions actually sit and they discover which assumptions fall apart under pressure.
At Toro, we run a lot of cross-team exercises. In almost every case, the first attempt is messy. Information flows unevenly, people hesitate, roles overlap but the second attempt is completely different. The pace picks up, communication improves and people stop worrying about โstepping on toesโ and focus on getting the job done. Those improvements donโt come from rewriting the plan, they come from experience and trust which builds with ongoing testing. A team that has practised together performs better because they know each other, not because the plan is longer.
Leaders set the toneย
ย Convergence doesnโt happen if leadership treats security and resilience as separate technical concerns. It also doesnโt grow in organisations where teams only focus on their own metrics.
Leaders have to champion collaboration. They have to reward teams for working together, not only for meeting internal targets, and they need to make it clear where responsibility for cross-team risk sits, so people know who is guiding the bigger picture. When leaders encourage openness, teams naturally start sharing more. When they make collaboration an expectation, not a favour, convergence becomes part of the culture instead of a side project.
Whether convergence sticks
Even with the right intent and the right structures, convergence falls apart if the culture does not support it. If people donโt feel comfortable raising concerns, if they think security is โsomeone elseโs jobโ, or if processes feel too burdensome, the organisation will always have weak spots. A resilient culture is one where:
- People understand why security matters to their work.
- Raising a concern is encouraged, not discouraged.
- Teams trust each other enough to share information early.
- Processes feel realistic rather than theoretical.
Culture shows up in everyday behaviour. How quickly someone speaks up, how openly teams share and how calmly they respond to uncertainty. When culture is healthy, resilience grows naturally.
Real foundation of resilience
Todayโs threats move across digital, physical and human domains without hesitation. If organisations want to keep up, their teams have to move in the same way. Convergence is not about creating more work or more complexity. It is about creating clarity and helping people to understand how their actions support others. It is about breaking down the quiet barriers that hold organisations back during fast-moving events.
Resilience improves when people talk to each other. It improves when expertise is shared instead of protected. It improves when teams understand that they are part of something larger than their own function. No plan on its own can deliver that, only people can.
