Author: Dr Peter Speight
ISBN No:
Review date: 10/02/2026
No of pages: 88
Publisher: Available on Amazon Kindle
Publisher URL:
https://www.amazon.co.uk/Resilience-Design-Peter-Speight-ebook/dp/B0GHY2SLR8/
Year of publication: 19/01/2026
Brief:
Only in the January edition of Professional Security Magazine did we feature a book by the long-time consultant Dr Peter Speight, Security Re-imagined; now he’s brought out another, Resilience by Design.
Risk registers are full and dashboards show green; yet when disruption arrives, whether a cyber attack, supply-chain collapse, or human error, resilience isn’t all that was hoped for. Peter disagrees that resilience is a plan or a response that you can activate. Just-in-time, global supply chains may be efficient; that’s not the same as resilient. He returns to a theme of earlier books: failure. While it’s rare in any occupation to focus on something that people don’t want to be attached to, for Peter an organisational failure is a teacher: ‘a diagnostic, a means of understanding how organisations are actually designed, rather than how they believe themselves to be’. He argues that resilience emerges ‘when governance, risk, security, leadership, culture, and operational reality are intentionally aligned’.
Peter cautions against compliance or metrics for their own sake; he quotes the writer Bruce Schneier, who labelled it all ‘security theatre’. “Illusions feel good,” Peter sums up. “But they break badly.” And we ought not to blame technology, he argues; people are underestimating rare events and over-trusting what’s familiar. Peter uses numerous case studies, some more well-known and recent than others, among them the cyber attack that shut down Jaguar Land Rover last year and the Allied Colloids fire in Bradford in 1991 – where Peter was then at work, and thus a witness. The lesson for him: ‘the fire was not simply an operational failure, nor solely a safety issue. It was a failure of design. The organisation had grown, adapted and optimised, but resilience had not evolved at the same pace.’ To return to how tech is not to blame: businesses have no lack of data; they may not have the confidence to interrogate it, and then act on it.
Sub-titled ‘The Architecture of security, risk and human decision’, the book concludes that security and resilience people have to confront reality and have ‘uncomfortable conversations’, even in board rooms. Board members, Peter argues, have to ask harder questions. It might dawn on the reader long before the end of this short book that the security professional as described by Peter goes well beyond managing a contract guard force, or drawing up reports on incidents; such a professional has to ‘understand enterprise risk, organisational behaviour, governance, and consequence’, and be ‘prepared to speak truth to power’.





