For CISOs and Heads of Operational Resilience at UK insurers, banks, and FinTech companies: we're building the Crisis Room Simulator to surface where your crisis response is likely to break and generate the evidence you need to fix it, while there's still time before the regulator tests it for real.
The regulator asks: “Show us the evidence that your crisis response actually works.”
You filed your impact tolerances on time. Your Important Business Services register is mapped. But you've never actually tested what happens when someone pulls the trigger on isolating a compromised system at 2am. Who calls who? How long before critical services go dark? Does anyone even know the FCA notification threshold's been crossed?
The FCA already knows this is where firms are weakest. Their 2026 observations are clear: some firms “state there's no scenario they wouldn't be able to recover from, but don't include evidence.”
For insurers, the PRA's DyGIST exercise is a 3-week live crisis simulation unlike anything the sector has faced before. Scenarios not shared in advance. No scripts. No best behaviour. For all FCA-regulated firms, PS26/2 enforcement starts March 2027.
Your annual tabletop (two hours, everyone performing, £50k+ to a consultancy) doesn't come close to replicating this. And the FCA's direction of travel is clear: firms need to move beyond paper-based assurance toward more sophisticated, evidence-based testing.
You're the one who'll be answering the board's questions when it goes wrong. Right now, you're answering with assumptions.
We build a twin of your organisation. Then we break it.
Not your infrastructure. Your people. AI personas of your CISO, CEO, CRO, and functional heads make decisions in real time. You watch the cascade unfold: which handoffs get missed, which tolerances breach, which downstream services nobody thought about until they went dark.
The goal: surface the likely failure points in your crisis response and generate audit-ready evidence. So you can fix it before it matters.
Walk into the next board meeting with evidence, not assumptions. Show the board a documented simulation that either proves your response works or pinpoints exactly what needs fixing. Before the regulator does it for you.
Your tolerance mapping finally gets tested against something that moves. Monthly, not annually. Every run produces audit-ready documentation automatically, so you can stop manually writing up tabletop findings.
See a clear before-and-after: which gaps existed, which were closed, and the documented evidence trail the PRA expects. The FCA's 2026 observations leave no room for doubt: firms need empirical testing, not judgement-based assurance.
AI twins of your C-suite and functional heads make decisions in real time. You see who escalates late, where accountability gets fuzzy, and which handoffs fall through. The things a scripted tabletop will never surface.
When you isolate a system, we show you everything downstream that fails: SLAs, customer journeys, third-party dependencies, regulatory notification thresholds. You get the view the regulator wants before they ask for it.
Real-time alerts when simulated response times blow past your stated tolerances. A flag in the moment, tied to the specific service and the specific decision that caused the breach. Not a retrospective finding three weeks later.
PS26/2 enforcement begins March 2027. Your team rehearses the full detect-escalate-classify-report flow under realistic pressure. The worst time to learn your incident reporting process is during an actual incident.
Every simulation run produces FCA/PRA-grade after-action documentation automatically. Board-ready, audit-ready, no manual formatting. A clear trail: what was tested, what broke, what's been fixed.
Run scenarios monthly, not annually. Compare results over time. Watch your response capability actually improve. The PRA's stress test is looking for proof that your organisation learns, and this gives you that evidence.
Founded AI Dionic in March 2024 after a 16-year cybersecurity career spanning payment services, gaming, insurance, and tech sectors. Former CISO at Gett and Valarian, Global Head of Digital Cybersecurity at Marsh McLennan. Named a Top 30 UK CISO in 2022 by CSO Online. PhD in Artificial Intelligence from the University of Surrey, specialising in Natural Language Processing.
Strong track record taking early-stage cybersecurity companies to international markets while building pipeline and developing partner programmes. Previously VP International (EMEA) at ThreatQuotient and EMEA Sales leadership roles at Sourcefire and Cisco Security.
Led the Global System Integrator Division at BT Global Services. Helped establish World Economic Forum cyber resilience programmes and sat on the Information Security Forum advisory board. Co-founded the White Hat foundation in 2004 and honoured with the Lifetime Achievement Award in 2025.
Founded Aptec as a student, growing it to a $2 billion company before its acquisition by Ingram Micro, where he became CEO for the META region and SVP. Holds several pending AI and Cyber Security patents. PhD in Computer Science from Imperial College London.