The Governance Gap — Introduction to the Decision Confidence Grid (DCG) - Hybrid Webinar

Description

Boards of UK and international financial services firms are being held to a higher standard of cyber resilience governance than at any previous point in regulatory history. The EU's Digital Operational Resilience Act (DORA) Article 5 places explicit, non-delegable accountability on management bodies, not just management. The U.S. Securities and Exchange Commission (SEC) now requires public companies to describe their board oversight processes in annual filings, creating investor-facing accountability for governance quality.
In the UK, the FCA's supervisory findings published in March 2026, reviewing firms' operational resilience self-assessments following the March 2025 compliance deadline, identified unclear board engagement, inadequate challenge, and self-assessments that fail to give boards sufficient information to oversee resilience decisions as recurring weaknesses across firms. The NACD's 2025 survey found that 77% of directors now discuss cyber's financial implications, a 25-point increase from 2022. The FCA's findings explain why that progress has not closed the governance gap: engagement has increased; governance outcomes have not.

 

The introductory 90-minute hybrid session establishes why bilateral governance capability determines whether governance structures produce governance outcomes, introduces the DCG framework and its four states, and enables participants to conduct an initial governance state self-diagnosis for their organisation.

WHY ATTEND

Learning Outcomes: Participants will:

  • Understand why the gap between governance structures and governance outcomes persists and why awareness training does not close it
  • Identify the four DCG governance states and the observable characteristics of each
  • Diagnose their organisation’s current governance state, identifying whether gaps lie in specialist framing, board questioning, or enabling conditions
  • Understand what Defensible Stewardship looks like in practice and why it is the standard regulators and investors are moving toward
  • Connect the DCG governance states to FCA, DORA, and SEC regulatory expectations

AGENDA

  • Opening scenario: A board that didn't know it didn't know
  • The regulatory shift: what the FCA, DORA, and SEC now require of boards
  • Why more board engagement hasn't produced better governance outcomes
  • Introducing the Decision Confidence Grid: the bilateral model and why it matters
  • The four governance states: what they look like in practice
  • Defensible Stewardship: the target state and how to recognise it
  • The self-diagnosis: where does your organisation sit across framing, questioning, and enabling conditions?
  • Q&A + Close

SPEAKERS

Gerrad Olisa-Ashar has spent over two decades in technology risk and governance. He has built, run and transformed cyber security functions at firms including Direct Line Group, Jupiter Asset Management (formerly Old Mutual Global Investors), Nuveen (formerly TH Real Estate), and Tesco Pensions Investment, and has advised boards and executive teams across banking, insurance, and asset management on cyber risk strategy and governance.
 
He has sat on both sides of the board table. As a practitioner he experienced first-hand the challenge of translating technical risk into information boards could act on. As a NED and advisor, he has worked with boards and risk committees on what effective cyber risk oversight requires in practice. That experience is the foundation of the Decision Confidence Grid™, a bilateral governance framework for board-level cyber risk oversight.
Gerrad is Managing Partner of Cyberbridge Partners, a Non-Executive Director and BARC Chair at a regulated digital bank, and holds an MBA from the University of Cambridge.

WHO SHOULD ATTEND

Audience:

CISOs, CROs, COOs, Heads of Operational Resilience, Company Secretaries, and Non-Executive Directors. The programme is built for mixed audiences, developing cyber risk framing capability and board questioning capability simultaneously.

PRICING

£95.00 + VAT

Pay using a credit card online, or if you wish to be invoiced please email your full details to: Training@theia.org

PLEASE NOTE: Full payment for the course must be made prior to the course commencement date.

  • Any cancellation must be made in writing.
  • For all cancellations received 15-30 days prior to the course start date, 50% of the course fee is still payable.
  • No refund is given for a cancellation made 14 days or less prior to the commencement of a course.
  • Transferring from one course to another is treated as a cancellation.
  • You can substitute one delegate for another at no additional cost. In this instance, please give two business days’ notice.
