Prepare your business for the next unexpected cyber event
We help your organisation to make sure you have the ability to face and cope with adversity, adapt change, recover, learn, and grow from cyber security incidents. We combine our incident and crisis preparation consulting experience with technical knowledge and innovations in our unique cyber resilience service.
You gain quantitative insights into your current maturity level through our cyber resilience maturity scan
You gain insights into threats, risks and effects of an interruption to your critical business operations with our cyber resilience impact & risk analyses
You strengthen your organisational leaders through our leadership and cyber resilience workshops
You profit from structured and prioritized plans through our implementation of cyber resilience plans
Your people will get comfortable being uncomfortable through cyber resilience trainings
You experience highly realistic incident response and crisis management exercises, based on our expertise and experiences in the field.
Preparing for the worst and ensuring structure, information and communication
We share the philosophy of Dwight David Eisenhower which says: “Plans are worthless, but planning is everything”. Which freely translated means that reality will inevitably surprise you. Therefore, only having plans is not sufficient. Both plan and planning should be practised and tested. This way, you truly prepare for the complex dynamic situation that a cyber crisis holds. Preparation builds trust, increases cooperation between teams and increases the effectiveness of your (crisis) organisation.
To maximise the effect of our service on your organisation, we routinely develop practical cyber resilience plans based on blueprints and realistic risk-based scenarios. You can experience these scenarios in our workshops, trainings and exercises which allow you to adapt your plans to the practicalities in your organization. This way, when the inevitable happens, you are well prepared to quickly respond and recover as a team and as an organisation. In the heat of the moment, everyone will know what to do and how to do it, thereby ensuring you remain in control.
Leave your Cyber security to us!
Frequently Asked Questions
We can imagine that you have many questions. You can always contact us to learn more. Below are a few examples of questions that we can investigate further with you.
What is cyber resilience?
Resilience and cyber resilience have increasingly become buzzwords in recent years. The term is often used to refer to defensibility. We achieve this defensibility by integrating all organisational (Business), technical (Bytes) and human (Behaviour) aspects of Cyber Security in all our services within Northwave. Despite working hard every day to improve our clients' defensibility, the Northwave cyber resilience service® defines resilience as the ability to face and cope with adversity, adapt to change, recover, learn, and grow from cyber security incidents.
Why choose the cyber resilience service?
We offer the Cyber Resilience service based on a duration of 3 years. This timeframe allows us to effectively work together to elevate your organisation to the desired level of maturity over the course of 3 years. The service combines different activities aimed at limiting damage after a cyber crisis and simplifying recovery. In the event of an incident or a crisis, we offer a Rapid Response Service as an extension of the Cyber Resilience Service. Additional services that complement cyber resilience include the Managed Cyber Awareness & Behaviour service and the Managed Detection & Response service. See more information on these services on this website.
To optimise the cyber maturity development, the service period of 36 months is divided into 3 years with different focus points:
- 1st year: the implementation/reinforcement of an organisational governance and the set-up of a strategic/ tactical approach determine the design and execution of the 1st year program.
- 2nd year –the operational impact of a cyber incident on the organization is assessed in-depth and the procedures are implemented and tested.
- 3rd year – based on extensive assessments and trainings, the 3rd year focuses on chain dependencies between different teams, tactics, and tools within the cyber resilience process.
What components does the service comprise of?
- Our extensive Cyber Resilience Service consists of different components which includes annual assessments of your cyber maturity, tailor-made strategic, tactical, and operational plans, as well as innovative and interactive trainings and exercises to challenge your cyber resilience. The Service is supplemented by periodic meetings with your Northwave contact person.
- The underlying tools to efficiently conduct the personalized exercises and trainings.
The team, consisting of experienced cyber resilience professionals, carries out in-depth analyses of your company, translates gained insights into a Cyber Resilience service, and executes trainings and exercises that strengthen your companies’ cyber resilience.
What different types of training do you offer?
- Role Specific Training: Decision-makers in a crisis-team must practice managing different cyber crisis scenarios. This training is offered for specific roles such as a crisis team chairperson, crisis coordinator and logbook keepers.
- Crisis Decision Making: Training crucial capabilities to effectively manage a crisis, such as strategic leadership, decision-making, and personal resilience.
- Crisis Communication: Usage of best practices, development of pre-written statements and alternative delivery measures to ensure your team communicates swiftly and comprehensively during a cyber crisis.
What are the different types of exercises?
- Incident Response or Crisis Management Tabletop Exercise: Manage a cyber incident within your team. During a tabletop exercise, the participants are led through the scenario by our facilitator. Every participant receives new information at the same time and discussions can start right away. It is up to your team to manage the situation. Before, during, and after the exercise our facilitator will ask questions, evaluate, and provide advice to steer and help your team. All discussions, decisions, and set out actions take place within the ‘scenario bubble’ of the exercise room. This exercise-type is suited for organisations who are at the beginning of their cyber-resilience-maturity-journey.
- Incident or Crisis Simulation: During an incident or crisis simulation, we send individual customised information to your participants. They are challenged to communicate, collaborate, and exchange information on a more advanced level. The outside world is simulated by our response team. They ask andanswer questions, bring in new information, and serve as your counterpart in logging decisions throughout the exercise. Practice managing the cyber incident and engaging with relevant stakeholders (e.g., IT-service providers or vendors) without any risk.
- Semi-live Cyber Crisis Exercise: Semi-live exercises may involve multiple teams and locations, with lines of communication to different response teams. In this way, your teams practice with and against each other and therefore face 'real' stakeholders and real emotions. This increases the realism and ultimately your cyber resilience.
- Gold-teaming Cyber Crisis Exercise: We develop and launch a fully simulated cyber incident, using your existing IT network and architecture to create a customized and realistic scenario. IT, Crisis Management Teams, Business Continuity Teams, and executive board members are involved in the exercise to enhance understanding and response capability. This is the perfect combination of a red teaming with a live cyber crisis management exercise.
Are the components from the service also available separately as projects?
Yes, they can be. The Northwave Resilience team helps organisations improve their skills in incident response, crisis management and business continuity management. However, to increase maturity on these components, not ad hoc but continuously (PDCA cycle), we have developed the cyber resilience service. The cyber resilience service consists of a baseline of activities relevant to any organisation. The baseline can be extended with specific activities that match the organisation's risks or are relevant because an organisation is already relatively mature. Here, each evaluation of an activity is the input for the starting point of a subsequent activity. This allows us to work together very specifically on your maturity.
We are here for you
Need help with your cyber security or wondering how secure your business really is?
Get in touch and we will help you find the best solution.