Cyber breaches rarely start with code. They start with governance.
Black Snow is what happens when risk signals get softened, delayed, and politically managed until they are no longer signals at all. Dashboards go green. Assurance reports pass. Third-party dependencies get filed under "someone else's problem". And the organisation walks closer to a preventable, outsized failure while telling itself it is being responsible.
BLACK SNOW is a leader's playbook for cyber governance in the real world: messy incentives, blurred accountability, vendor sprawl, and decision papers that feel rigorous while hiding what matters. It treats major incidents as a predictable governance outcome, not a random hack. The technical compromise is usually the final step, not the first.
Most organisations do not fail because they lacked a policy. They fail because governance allows weak evidence to pass as assurance, because ownership is diffused, and because decisions are made on comfort language rather than tested reality. Black Snow shows how that drift happens, how it becomes normalised negligence, and how to stop it before a headline forces clarity.
Inside you'll learn how to:
Spot Indicators of Weakness early and separate real signals from reporting gloss.
See how small control gaps turn into systemic outages through dependency chains and outsourcing.
Pressure-test third-party exposure and concentration risk without relying on vendor assurances.
Identify when recovery assumptions become fantasy and verify readiness with evidence you can defend.
Replace status updates with decision clarity: who owns the risk, what is being tested, and what proof actually exists.
Demand assurance that maps to resilience, not narrow-scope compliance theatre.
Practical tools you can apply immediately:
A boardroom signal check: red flags that tell you the reporting is cleaner than the reality.
Question sets that force clarity on ownership, testing, and evidence.
Prompts for sequencing and trade-offs so investment reduces fragility rather than relocating it.
Simple ways to challenge assurance that is scoped too narrowly to matter.
Who this is for:
Directors and committee members who sign off on cyber risk but do not want to be surprised by a headline.
CEOs and executives who want cyber risk owned and managed like any other enterprise risk.
CISOs, risk leaders, and internal audit who need leverage to cut through comfort reporting and misaligned incentives.
This is not a technical hacking manual. It is a governance field guide for building resilience that stands up to incidents, regulators, insurers, and courtrooms. If your organisation relies on vendors, cloud platforms, MSPs, or shared services, this book will help you see where the real concentration risk is hiding.
If you want fewer surprises, fewer excuses, and clearer accountability, start here. Read it like a briefing. Use it like a checklist at your next board or executive risk discussion.