Professor Danny Myburgh, Cyanre. Cyanre, a specialist in cyber resilience and incident response, will use its platform at the ITWeb Security Summit 2026 to challenge one of the most entrenched assumptions in cyber security: that policies alone can protect organisations from modern attacks.Taking place at the Century City Conference Centre in Cape Town on 26 May and at the Sandton Convention Centre in Johannesburg from 2 to 4 June, the summit provides a platform for African security leaders to confront the realities of an increasingly automated and adversarial threat landscape. As part of its participation, Cyanre will deliver two sessions focused on the practical challenges of managing cyber incidents. Cyanre associate director Lukas van der Merwe will present Digital Wounds, examining the broader organisational and leadership impact of breaches, while Cyanre MD Professor Danny Myburgh will present Resilience Cannot Be ‘Policied’, a session grounded in decades of digital forensic and incident response experience. “Policies don’t stop attackers, but preparation changes outcomes,” says Myburgh. Cyanre’s message reflects a recurring pattern observed across real-world incidents: organisations often rely heavily on policies, frameworks and compliance activities, yet struggle when faced with the speed and ambiguity of an active breach. In practice, response effectiveness is rarely determined by documentation alone, but rather by how well teams have internalised processes and prepared for high-pressure decision-making.A key theme in Cyanre’s sessions is the concept of practical readiness. During a cyber incident, particularly in its early stages, decisions must be made quickly with incomplete information. The ability to act decisively in those conditions depends far less on referencing formal plans and far more on prior preparation, rehearsal and alignment across the organisation.This extends beyond technical teams. Cyanre highlights that incident response is inherently a business-wide effort, involving leadership, legal, communications and operational functions.“When a breach occurs, it becomes a business event almost immediately,” says Van der Merwe. “How the organisation responds is shaped by clarity of roles, decision-making authority and leadership alignment long before the incident begins.”The firm also challenges common assumptions about cyber risk. Modern attacks are increasingly automated and indiscriminate, targeting opportunity rather than specific industries or organisation sizes. As a result, organisations of all types and scales are exposed, regardless of perceived maturity.At the same time, Cyanre cautions against equating security investment with resilience. While technology remains a critical enabler, the absence of operational capability can undermine even the most advanced toolsets, creating a false sense of security.“Security is not defined by how much you spend, but by how effectively you can respond when something goes wrong,” adds Myburgh.Preparation, Cyanre argues, has a direct impact on how quickly an organisation can understand what has happened, stabilise its environment, and move towards recovery. This includes ensuring teams are aligned, decision pathways are defined, and trusted partners are in place before an incident occurs.Another focus area is decision-making under pressure. Many of the most complex choices in a cyber incident, ranging from disclosure and communication to engagement strategies, carry legal, financial and reputational implications. Cyanre emphasises that these decisions should be addressed in advance, rather than for the first time during a crisis.The organisation also advises against reactive behaviour during incidents, such as engaging unfamiliar vendors or introducing new solutions under pressure. Instead, it encourages organisations to establish trusted relationships and response structures ahead of time.Ultimately, Cyanre’s presence at ITWeb Security Summit 2026 reinforces the idea that cyber resilience is not achieved through policy alone. It requires deliberate preparation, practical experience and organisational alignment.“Preparation requires moving the budget from ‘after’ to ‘before’,” Myburgh concludes. “Because when an incident happens, it’s already too late to build resilience; you’re simply testing whether it exists.”About CyanreCyanre is a cyber resilience firm specialising in incident response, digital forensics, breach readiness and executive-level cyber crisis management. Working with boards, executive teams, legal counsel and insurers, Cyanre helps organisations prepare for, manage and recover from complex cyber incidents.With experience across thousands of incidents over more than two decades, Cyanre’s approach focuses on real-world response dynamics, decision-making under pressure and aligning organisations to respond effectively when it matters most.About ITWeb Security Summit 2026ITWeb Security Summit 2026 will be held at Century City Conference Centre, Cape Town on 26 May 2026 and at Sandton Convention Centre in Sandton, Johannesburg from 2 to 4 June 2026.Themed: ‘Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap’, the 21st annual edition of Security Summit will continue in its tradition of bringing leading international and local industry experts, analysts and end-users together to delve into the specific threats and opportunities facing African CISOs, security specialists, GRC professionals and anyone else who is responsible for securing their organisation from cyber-attacks.Register today. Visit here for Cape Town or here for Johannesburg.