In this candid conversation, Chris Krebs brings a global, board‑level lens to the cyber risk landscape, arguing that many of today’s assumptions about stability, trust and governance are already broken. Drawing on his experience leading CISA and advising industry, he unpacks why cyber risk can no longer be treated as a technical issue, but as a core business and geopolitical concern. The discussion spans weakened institutions, brittle third‑party ecosystems, and legacy technologies that no longer deserve implicit trust, before landing on a clear message for leaders: imagination, not regulation, is now the limiting factor. In an era where cyber is often the first move in conflict, resilience depends on confronting worst‑case scenarios, reasserting control over supply chains, and embedding security into every strategic decision.