An interview with Seán Doyle, WEF’s Cyber Chief: Why Global Collaboration is the Only Path to Cyber Resilience
Steve Durbin, Chief Executive of the Information Security Forum, speaks with Seán Doyle, who leads the World Economic Forum’s Centre for Cybersecurity, about mobilizing public-private partnerships to tackle systemic, cross-border cyber risks. The discussion explores how the WEF convenes diverse stakeholders to counter cybercrime, strengthen resilience across critical infrastructure and supply chains, and convert expert insights into actionable playbooks and multi-stakeholder tabletop exercises. Doyle emphasizes the need for harmonized, outcome-based regulation, legal clarity and incentives for information sharing, and targeted capacity building for SMEs. He urges boards and CEOs to treat cyber as a core business risk, invest in fundamentals, and rehearse crisis coordination—closing with a practical step: run a partner-inclusive tabletop to turn relationships and rehearsal into real-world resilience.
Durbin: Seán, thanks for joining me. You’re the Lead for the Centre for Cybersecurity at the World Economic Forum. What does that mean in practice—what does the Forum do in cybersecurity, and what’s your role?
Doyle: Thank you, Steve. To explain my role, I should start with the Forum itself. The WEF is an organization for international public-private partnerships. Where there’s a cross-border problem that can’t be solved by the private sector alone, or by governments or academia alone, that’s where the Forum steps in. Cybersecurity is exactly that kind of challenge. Our aim is to bring a diverse group of experts and decision makers together (infrastructure providers, law enforcement, policymakers, and others) to work toward solutions that can be implemented. People know us for our Annual Meeting in Davos, but that’s just the visible tip of the iceberg. The rest of the year we’re convening the right people, especially where interests can diverge—say, between law enforcement and IT when countering cybercrime—helping them find ways to collaborate, and crucially, bridging the gap between expert recommendations and the decision makers in government and industry so that those recommendations are acted upon.
Durbin: And what about the specifics of your day-to-day? Cybersecurity reaches and touches pretty much everybody in society—if you’re delivering milk or running a stock exchange, you’ll be impacted by cyber. What do you get up to in your role?
Doyle: In the Centre for Cybersecurity, established in 2018, we focus on problems that are systemic and cross-jurisdictional. Practically, that means convening coalitions and projects that can move the needle: initiatives to counter cybercrime through closer cooperation between platforms, ISPs, cloud providers, and law enforcement; workstreams on building resilience in critical infrastructure and supply chains; and efforts to advance digital trust. We translate insights into actionable playbooks and run multi-stakeholder tabletop exercises to pressure-test how organizations and authorities would coordinate in real incidents. A big part of my job is making sure the right mix of operators, executives, and regulators are at the table—and that outcomes don’t sit on a shelf but are adopted by those who can implement them.
Durbin: Public-private partnerships are central to your approach. Why do they matter so much right now?
Doyle: Because cyber risk ignores borders while responsibilities are fragmented. A single ransomware campaign can impact hospitals in one country, manufacturers in another, and suppliers across several continents, while evidence and infrastructure sit in yet more jurisdictions. No single entity has all the levers. Providers see the traffic; companies see the impact; law enforcement can investigate and disrupt; policymakers can set incentives and obligations. The Forum provides a neutral platform to align these actors, build trust, and agree practical steps—for example, standardizing how to share indicators quickly, or coordinating takedowns with victim support so operations don’t inadvertently cause harm. Without that connective tissue, we get duplication, friction, and slower, less effective responses.
Durbin: You mentioned tabletop exercises to promote resilience. What makes a good exercise, and what have you learned from running them?
Doyle: The best exercises simulate what really hurts: cross-sector, cross-border scenarios with incomplete information, supply chain ambiguity, and time pressure. We focus on roles and decisions—who calls whom, what can be shared legally and when, which thresholds trigger regulatory reporting or sector notifications, and how to align public communications. We look at escalation paths from the SOC to executives and boards; the mechanics of engaging law enforcement; and interactions with service providers who hold the keys to containment. We measure outcomes like time-to-decide, clarity of decision rights, and the ability to coordinate across jurisdictions. The most valuable output isn’t just a refined playbook; it’s relationships and muscle memory that carry into real crises.
Durbin: Around the world, legislation and regulation are evolving. How can they improve to promote economic interests without stifling innovation?
Doyle: Three points. First, harmonization and interoperability: differing incident reporting regimes and control frameworks increase compliance costs without necessarily improving security. More outcome-based, risk-driven requirements—and mutual recognition across jurisdictions—would reduce friction for global businesses. Second, clarity and incentives: clear definitions of material incidents, safe harbors for good-faith information sharing, and predictable timelines help organizations act swiftly without legal ambiguity. Third, capacity building: SMEs make up much of the economy but often lack resources. Targeted support—baseline controls, shared services, and procurement incentives—can raise the floor. The overarching goal is to align economic resilience with security outcomes, not box-ticking.
Durbin: How should boards and CEOs engage to make this real?
Doyle: Treat cyber as a business risk with strategic, financial, and operational dimensions. Boards should ask for scenario-based assessments tied to revenue, supply chain, and regulatory exposure; require measurable resilience metrics; and oversee regular exercises that involve senior leadership. Executives should ensure that incident response integrates legal, communications, operations, and partners—not just IT—and that participation in sector and cross-sector collaboration is resourced. Finally, invest in fundamentals—identity, patching, backups, architecture—while planning for failure: recovery, continuity, and stakeholder trust.
Durbin: If you could leave listeners with one practical step to take this quarter, what would it be?
Doyle: Run a cross-functional tabletop that includes your key external partners—cloud or telecom providers, critical suppliers, and your local law enforcement contact. Use it to clarify decision rights, information-sharing boundaries, and communications. Then turn the findings into two things: a tighter playbook and a short list of commitments you’ll make with those partners. That combination—relationships plus rehearsal—moves you from theory to resilience.