By David Howard, President, NetWorks Group
Throughout my 30-year career, I've met with countless cybersecurity leaders as the industry has grown and changed. One thing has become abundantly clear: Security alone is no longer enough.
Today’s threat landscape is too fast-moving, complex and adaptive. Even the most secure organizations suffer breaches. That’s why when I start talking with a customer about their goals, our conversations are no longer just about prevention; they’re about resilience.
Cyber resilience is the capacity to prepare for, detect, recover from and adapt to adverse cyber events. For business leaders, the challenge isn’t just understanding what resilience looks like — it’s knowing how to measure, improve and embed it into the DNA of your organization.
In this latest blog post in our series on cyber resilience, I’ll share the kinds of questions we ask as we start working with a customer and the things we urge them to look for as they assess their cyber resilience. We’ll also include some guidance we often share around how you can identify areas of opportunity to improve.
In our first post in this series, we framed cyber resilience around five key capabilities. Consider the following questions alongside each capability as a starting point for assessing your resilience.
Each of these areas reflects a decision point — and often, an opportunity for improvement. The answers to these questions are rarely straightforward, and it can be hard to know where to start. But keep in mind that even not knowing the answer to one of these questions can be instructive, because it shines a light on an area where you need to focus some time and thought within your organization. Getting a clear picture of where you are right now is the first step in building a plan of action to reach your goals.
As we’ve discussed in previous posts in this series, cyber resilience requires a cultural shift within your organization, and it starts at the top. Ask yourself these questions about leadership and executive alignment when you’re assessing your organization's resilience:
Effective communication with your executive leadership team requires concise and contextual information about your environment. Meaningful, relevant, digestible, contextual information is necessary to paint a clear picture of where you stand. You also need validation from outside parties and recommendations to help reinforce your ideas and initiatives.
One of the top qualities of resilient organizations is that their employees are engaged in and contribute to security, beyond just the security team. Questions to consider:
Security and resilience don’t end with your security team and decision-makers. One of the most effective methods we’ve seen of achieving company-wide security awareness and understanding is facilitating tabletop exercises. When we run through a breach scenario with not just the IT and security team, but with the executive team, marketing, human resources, accounting, etc., we witness the collective realization of how security connects all these departments and how everyone has a role to play in driving the security interests and strategy of the organization.
No organization is perfectly resilient. But as we discussed in our post on the top qualities of resilient organizations, the strongest ones share a few key traits:
Resilience is a continuous process that involves prevention, detection, containment and recovery. Penetration testing, the foundation of cyber resilience, serves as your catalyst in this journey, allowing you to assess your current security posture and use actionable insights to strengthen security controls and enhance your ability to withstand attacks.
If there’s a gap between where you are and where you want to be, that’s not a sign of failure — it’s an opportunity to lead.
Your ability to lead through uncertainty is tested more today than ever before. Cyber threats are now business risks. And your level of resilience can mean the difference between a minor disruption and a crisis.
Many organizations struggle because they’ve been sold tools instead of outcomes. They have frameworks without context, reports without resolution and strategy sessions that end in yet another to-do list. That’s where we’ve chosen to take a different path.
At NWG, we believe the path forward involves building the right partnerships, asking better questions, collaborating with your leadership and taking deliberate, informed steps toward resilience.
If you’re ready to have that conversation, we’re here, not just to advise, but to act.
Published By: David Howard, President, NetWorks Group
Publish Date: July 10th, 2025