CeFPro Connect

Workiva report skyscraper banner

Video

Incident Inevitable: Why Cyber Resilience is a Boardroom Issue Now
With threats rising and regulation tightening, cyber resilience is no longer just an IT concern. Mo Philip of Legal & General explores how integrated frameworks, leadership buy-in, and industry collaboration are key to surviving the inevitable incident.
May 02, 2025
Mo Philip
Mo Philip, Head of Information Security & IT Risk, Legal & General
Tags: Cyber
The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

Speaking behind the scenes at Risk Evolve, Mo Philip, Head of Information Security at Legal & General Retail, outlines the building blocks of a modern incident response framework. Rather than aiming for total prevention, firms must assume that incidents will occur and prepare accordingly—through a blend of people, processes, and technology. This cross-functional approach involves engaging legal, HR, IT, and business teams from the outset.

Mo emphasizes the growing importance of regulatory collaboration, particularly within UK financial services, where information sharing has become a collective defense mechanism. By staying aligned with best practices and engaging with regulators like the FCA, organizations can remain ahead of compliance expectations rather than reacting to them.

Securing board-level buy-in is another core challenge. Mo advises linking cybersecurity with operational resilience—something leadership already understands. He also stresses the value of conducting tabletop cyber exercises with executives to bring theoretical threats to life and build urgency around investment.

On automation, Mo warns that many firms still rely on manual cyber controls that are difficult to scale or test accurately. He advocates for smarter automation to close the gap between intent and effectiveness.

Finally, Mo argues for stronger industry-wide collaboration and the integration of cyber risk within the broader operational risk ecosystem. He calls for business-led cybersecurity teams that report outside of IT to maintain independence and visibility across enterprise risks.

Mo Philip Bio

Mo brings a wealth of experience covering first second and third line roles in Cyber Security Risk Management and Resilience across several sectors including Financial Services Technology Retail UK Government and Telecommunications. He joined L&G as a Head of IT Risk in early 2022 and currently leads the security teams across a diverse business that provides life insurance pensions mortgages and fintech services to retail customers. He is well versed in delivering initiatives aimed at driving technology risk management and security good practice into organisational culture for firms that deliver high levels of IT transformation and change and utilise agile frameworks.

Mo Philip
Sign in to view comments
You may also like...
Related insights
Workiva report skyscraper banner