In a discussion chaired by psychologist Dr. Peter Hughes, the panel: Team Fusion CEO Jasper De Q Adams OBE, The HALO Trust Africa Director Lucy Reeve, and former UK Special Forces operator Dane Kenny kept returning to one uncomfortable conclusion: the threats that do real damage are rarely the dramatic ones. They are the ones hiding in routine, unnoticed precisely because they have become part of the everyday landscape.
Risk is a value judgement- and the judgement can change overnight
Why do successful, intelligent people so often underestimate risk? Lucy Reeve's answer was blunt: because they don't fully understand the risk environment they are operating in. Leaders focus on the strategic and physical risks they can see, while the most consequential exposures often sit in the unglamorous places - control mechanisms, risk registers, the human dynamics that no policy can fully account for.
Jasper De Q Adams added a crucial point: risk is a value judgement, not a fixed fact. In a high-risk environment, threats are obvious, and attention follows them. It is the mundane and the routine that quietly become high-threat - and the judgment you made about your exposure last year may simply no longer hold.
The panel's examples made the point vividly—JK Rowling went from low-profile to needing round-the-clock security overnight. A chief executive can become a target not because of anything they did that week, but because public sentiment towards their company shifted - the panel noted polling after the killing of UnitedHealthcare's CEO in which a startling share of respondents considered the act acceptable. Public opinion, amplified and accelerated by social media, can transform an individual's threat level in hours. Reputation, as Jasper put it, is very easily lost and very hard to regain.
One of the evening's most quoted lines came from Lucy Reeve: "risk isn't sexy."
Leaders are naturally drawn to growth, innovation and opportunity. Risk management feels administrative, something to be delegated and audited, not discussed in the boardroom. Yet the seemingly trivial details are where exposure accumulates: the link clicked without thought, the lanyard worn on the train with your name and employer on display, the corporate WhatsApp group, the social media post that broadcasts your patterns to anyone watching. Individually harmless; collectively, the raw material from which serious threats are built.
Dane Kenny's framing was striking: the threat itself has never changed—it is always there. What changes is how visible and exploitable we make ourselves, and how seriously we take mitigating it.
Plans don't survive contact, awareness does.
Asked whether it's true that no plan survives contact with the enemy, Dane was unequivocal: you can plan for everything, but planning will never cover everything. What closes the gap is awareness.
The most common vulnerability he sees is also the most ordinary: people walking through life on their phones, oblivious to their surroundings, setting predictable patterns in their daily routines. Awareness is knowing your environment, your escape routes, your "what ifs"—this is what mitigates the gaps no plan can fill.
And when something feels wrong, listen. The panel were united on the value of gut instinct: in kidnap and hostage situations, Dane noted, instinct is invariably correct - the tragedies tend to come when it is ignored and complacency takes over. Lucy's advice: never ignore your gut. Jasper's caveat: instinct is sharpened by training and experience, not given for free. None of this requires paranoia. As Dane put it, you simply need to accept that bad things happen and have a plan for when they do.
Managing risk is managing people.
Lucy's closing advice distilled the evening: “managing risk is managing people well.”
Technology evolves and environments grow more volatile, but human behaviour sits at the centre of almost every security failure and every security success. The strongest organisations are not those with the thickest rulebooks; they are the ones that build cultures where people challenge thinking, ask difficult questions and raise problems early.
Lucy offered an example from HALO's demining operations: when a critical error was discovered, the culture meant the priority was fixing the problem first and dealing with the consequences after ” because the organisation had "built a muscle" around the understanding that mistakes happen, and the sooner they surface, the more controllable they are. Robust and disciplined, but open. That combination— psychological safety with high standards— is what separates a minor issue caught early from a crisis discovered too late.
The same logic applies to the team around you. Trust, the panel agreed, is built rather than acquired, and one of the privileges of civilian life is that you can choose the people around you. Choose ones who will challenge you.
Complacency is the invisible cost.
Perhaps the hardest problem the panel addressed: how do you keep people vigilant when nothing has gone wrong for years?
Dane's answer reframed the question. When things are going well, people start questioning the cost of security— but as Dane put it, "quiet is what working security looks like”. Complacency is the invisible cost of success. Team Fusion's own answer is structural: rotating protection teams to keep perspectives fresh, and penetration-testing their own security rather than assuming it holds.
Jasper closed the evening where the discussion began— with uncertainty. The world is no longer characterised by episodes of crisis followed by stability; geopolitical instability, global connectivity and the grey zone between war and peace have made uncertainty a constant. His advice to leaders: "Embrace and accept radical uncertainty. The goal is not to predict the next shock, but to build the awareness, culture and capability to respond well when it arrives, so that you and the people you're responsible for can keep living fully in its shadow.”
So, what should leaders do?
The discussion pointed to five practical commitments:
1) Reassess, don't assume. Risk is a value judgement that changes with visibility and public sentiment. Ask regularly: what has changed since we last looked?
2) Take the mundane seriously. Audit the everyday—digital footprints, routines, patterns, the small habits that quietly broadcast vulnerability.
3) Train awareness not just plans. Plans won't cover everything; awareness fills the gaps. And treat trained gut instinct as data, not noise.
4) Build a speak-up culture. Make it safe to challenge decisions and surface mistakes early. Most crises were once small problems somebody noticed and didn't raise.
5) Guard against complacency. Quiet means security is working, not that it's unnecessary. Test your own defences before someone else does.
Security, in the end, is not a department or a process. It is a mindset, a psychology, and the organisations that embed it are the ones that turn uncertainty into advantage.
If you wish to discuss any of the topics mentioned in this article, please contact a member of our team to schedule your confidential consultation and discover how intelligence-led insider threat management protects both your people and your reputation.