Counterterrorism in cyber-security

Si West at Resilience argues that counterterrorism skills have a natural place in cyber-security 

 

I transitioned into cyber-security after spending 14 years in the Royal Marines, as well as time mentoring a police counter-terrorism unit in Mogadishu. It has become increasingly common for military, intelligence, and counter-terrorism veterans to enter the sector, which grew by 5% in 2024.

 

Cyber-risk is the top business risk for 2025, according to the latest Allianz Risk Barometer report. Cyber-incidents – including data breaches, ransomware attacks, and IT outages – are pervasive, with the UK Government finding that 74% of mid-to-large UK businesses have experienced cyber-crime.

 

However, 44% of UK businesses report skill gaps in basic cyber-security areas. Technical knowledge alone is no longer sufficient for a modern cyber-security professional. Instead, they need to have wide-ranging skillsets that encompass analysis, risk management, proactive planning, leadership, and quick decision-making, all of which are increasingly prioritised by security departments.

 

This is where people like us come in. We help fill this gap in the industry and offer the varied skills, such as threat intelligence, risk management, response planning, quick decision-making, and leadership, that help businesses adopt robust, adaptable cyber-security strategies.

 

Veteran-in-the-loop

Today, over 700,000 military veterans are employed in civilian roles in the UK, yet over half of them have jobs in low-paid or routine occupations that don’t fully use their skills. Cyber-security is a space where these unique skills are in high demand, and Resilience prides itself on its military and intelligence backgrounds, with our co-founders coming from the US Air Force and the White House security department.

 

One skill is our ability to analyse potential risks and digest threat intelligence. In both counter-terrorism and cyber-security, intelligence gathering and analysis are crucial to identifying bad actors, attack patterns and vulnerabilities. Despite the advent of artificial intelligence, recognising and monitoring potential threats still requires a human-in-the-loop to identify truly valuable information.

 

For instance, we have developed technology for our clients that provides insights on a business’ cyber-risk, as part of our vendor risk reports, as well as manage a centralised hub of information through our Risk Operations Centre. However, these still must be leveraged by CISOs and other cyber-security professionals to proactively hunt and remediate cyber-threats, highlighting the importance of the human-in-loop

 

Managing the bigger picture

Risk management must be approached holistically. Risks and losses are inevitable during military conflict, and this is equally applicable to cyber-risk. Expertise in seeing the bigger picture helps develop the right mindset. It is particularly valuable in cyber-security, where cyber-attacks have become more frequent and severe and it is not viable to attempt to thwart every possible attack.

 

Cyber-risk quantification – the translation of cyber-risk into business risk – helps firms measure and predict the financial value of an attack on a given asset in advance, which can then be used to inform their proactive maintenance and protection strategies and limit material losses. According to a Resilience survey of the UK’s largest businesses, in partnership with YouGov, qualitative analysis remains more popular than quantitative risk. Only just over half of businesses quantify their cyber-risk, despite it being more effective.

 

Planning ahead for incidents is another key skill for cyber-security professionals. Counter-terrorism requires anticipating threats before they materialise and developing contingency plans for various scenarios. The mantra ‘prior preparation prevents poor performance’ applies just as much to cyber-security. CISOs should ensure their team understands the necessary actions, responses, and procedures to take in the event of a breach and in order to contain and recover from cyber-incidents effectively.

 

A delayed or uncoordinated response can cause further operational disruption, and damage a firm’s reputation. The practical experience from counterterrorism can support in leading and communicating incident response plans.

 

A superior soft skillset

However, while one can plan as much as they want for an incident, plans often go out the window in an actual crisis. One of the most important soft skills that I have picked up is adaptability. Something ingrained in us in counterterrorism is to always deliver on your promises, no matter the situation. It is crucial to have this flexibility in a fast-paced environment, and with cyber-risk assessments increasingly based on judgement calls rather than total loss-elimination, it is unsurprising that veterans tend to adapt well to cyber-security positions.

 

Finally, one of the most key transferrable skills is leadership. The best CISOs are those who work quickly to ensure that accurate information is disseminated, communicate clearly, and maintain a positive, inspirational attitude to minimise fear and doubt among the team. Military and intelligence teams have a more integrated command structure, and this experience makes them the perfect candidates to implement this.

 

The chain of command in counterterrorism is simple but well-integrated, with effective operations dependent on multiple bodies working in union for a single goal or objective. In cyber-security it is the same, and a siloed response is not just insufficient, it is actively detrimental.

 

However, CEOs have failed to embrace this, with over 60% of global CEOs failing to incorporate cyber-security into their wider business strategies. Cyber-resilience is increasingly dependent on CISOs encouraging C-suite leaders to understand cyber-risk, highlighting the importance of cyber-risk quantification.

 

Those with military and counter-terrorism experience, therefore, are best placed to understand the value of this emphasis on teamwork and the chain of command, and effectively implement this new way of thinking.

 

However, leadership is not just about the before and during. Post-operation debriefs are just as important as the rest of the process, and being able to lead a discussion reviewing what went wrong and lessons learned is the mark of a good leader. In counterterrorism, we encourage a no-blame culture, focusing on the big picture and improving the unit as a whole, and this mindset is essential for businesses to continue refining their responses to cyber-attacks.

 

Solving the cyber-security skill gap is crucial, and it is important to recognise that cyber-security is not an industry restricted to people with prior experience. Having this already-formed skillset means employees with backgrounds in military, intelligence, and counterterrorism only require training in sector-specific knowledge and expertise, which significantly reduces training costs and onboarding for organisations.

 

As cyber-crime increases in complexity, the most forward-thinking organisations will recognise how their unique expertise will be essential to avoid financial losses and inspire trust and confidence.

 

---

 

Si West is Director of Customer Engagement at Resilience

 

Main image courtesy of iStockPhoto.com and jon666