The first threat signals of 2026: What cybersecurity experts are watching
Cybersecurity predictions for 2026 highlight AI agents, identity risk, supply chain attacks and resilience.
“The risk that keeps me up at night is trust in machine decision-making.”
That was the first thing BHMEA speaker Nikk Gilbert (CISO at RWE) told us when we asked about the threats nobody is talking about yet. From AI-driven systemic risks to the fragility of the global digital fabric, his insights cut through compliance checklists and optimistic assumptions – and remind us that security is ultimately about resilience, humility, and human fallibility.
Here’s the full conversation.
“The risk that keeps me up at night is trust in machine decision-making. We’re handing over authority to AI systems in finance, logistics, and energy faster than we can test the edges. Rather than bias or privacy, the real danger is what happens when these systems act on poisoned or manipulated data at machine speed. There’s no safety net when decisions outpace human reaction time. By the time we realise something has gone wrong, the damage will already be done.”
“Compliance is not the same as security. Legally secure means you passed the audit. Actually secure means you can take a hit and keep going. You can be fully compliant and still one mistake away from catastrophe. Bad things happen to good companies, and a compliance certificate will not save you. The real test is resilience, not paperwork.”
“The military taught me the hardest lesson. You can have the best plan, the strongest team, and absolute clarity of mission. Yet, one small mistake – fatigue, pride, distraction – can completely alter the outcome. That truth never left me. Risk is not just technology; it is people. Strength comes from accepting human fallibility and building systems that can withstand it, not ignoring it.”
“There is no such thing as zero risk, and no amount of optimism will change that. I tell leaders the truth without drama. Systemic risks are real, but they’re not the end of the story. The point is not to frighten people, it is to ground them. We focus on what can be controlled: readiness, response, and recovery. Resilience takes time. Rome was not built in a day, and neither is security. Progress is possible, and that is where confidence originates.”
“Continuity. We assume the digital fabric of our world, including the cloud, satellites, undersea cables, and GPS, will always be there. But it is not a law of nature; it is fragile. A rupture in that fabric, from something like conflict, sabotage, or natural catastrophe, could unravel more than we imagine. The blind spot will be a lack of humility, in believing our systems were permanent.”
Thanks to Nikk Gilbert at RWE. Register now to attend Black Hat MEA 2025 and learn directly from the leading minds in cybersecurity.