Cyber Resilience Consultancy

It is all about Trust. Can your board demonstrate, due skill, care, and diligence in the increasingly complex digital age?

Advisory Services

We offer a full advisory service which are the provision of advice for on-going business challenges, on a long-term basis, which often aid governance and risk management decision-making or implementation and can be considered a means to build individual and organisational knowledge, skills attitudes, and behaviours over time.

What we can offer


Either as a retained service or on demand. Either advising the board and or execs as a whole, or specific independent advice, on strategy, change and in the event of real incidents - crisis.

This includes external Data Protection Officer (DPO). DPO’s may be mandatory and often arise out of Discovery assessments (see below).


The Companies Act 2006, Part 10, Chapter 2, Clauses 172-174:

  • Directors have a duty to promote the success of the company.
  • Directors must exercise independent judgement.
  •  Directors must exercise reasonable care, skill and diligence.

Who, When, Where and How

This is driven by you, the client.

It is usual to include a hybrid approach of agreed meetings, both F2F and virtual. Some are formal, many more are informal. Creative Systems and DA Resilience have the ability to bring in associates or recommend others for additional or more specialised advisors.

Consultancy Services

Consulting services are delivering specific defined project outputs.

What we can offer


The norm is an agreed statement of work (SOW) with our clients.  This does not have to be too narrowed down, and is usually completed on a time and materials basis.


Most companies don’t have all the knowledge and skills, or benefits of an external consultancy to perform certain activities and tasks.

Who, When, Where and How

Creative Systems and DA Resilience provide a holistic approach to risk and resilience consults, and work closely with associates, including from OSP Cyber academy and Toccata Data Governance, and or recommended trusted 3rd parties to do certain speciality aspects, i.e vulnerability penetration testing and STA(R).

Black Swan Events

The term Black Swan originates from the Western belief that all swans are white. However, in 17th century a Dutch explorer discovered black swans in Australia. This was a wholly unexpected event and profoundly changed zoology.

Today we refer to ‘Black Swan Scenarios’ as cyber events that cannot possibly be envisioned by an organisation: The threat is real, the consequences will be catastrophic, but the business has not, and often cannot conceive of the hazard, let alone erect defences, train staff, or have contingencies.

A ‘worst case scenario’ is the worst thing that you and your team can envisage: Our team will show you your Black Swan scenario, we will help you plan and seal your vulnerability’s


Intrinsically unpredictable (unknown, unknowns), but high impact.


These are believed to be unlikely to happen (known, unknowns) so we have invested our scarce resources elsewhere, yet off the area for the most improvement for risk management strategies and decision making.


Occur with reasonable frequency, strike with reasonable impact and are inherently preventable (known, knowns).

The Result

We can walk the whole journey with you, or leave you with our findings.

Get in touch so we can help with your
cyber resilience needs