Digital resilience is a matter for top management
 (2).jpg)
Despite their focus on cybersecurity, many large Dutch organizations still have some way to go to better prepare themselves for cyber threats. This is evident from recent research commissioned by KPN among mainly larger organizations, three-quarters of which have more than 150 employees and over 63 percent of which are active in vital sectors such as energy, healthcare, transport, government, and financial services. Compliance with legislation and regulations such as NIS2 and DORA is at the top of the priority list, followed by the safe use of AI, employee awareness and behavior, secure cloud environments, and identity and access management. These priorities reflect the reality of modern organizations: hybrid working is the norm, the cloud is well established, AI is being rapidly adopted, and digital incidents are increasingly occurring in complex chains of suppliers, platforms, and partners.
In such an environment, absolute security is an illusion. Security based on the traditional ‘castle model,’ with strong outer walls to keep out attackers, is completely inadequate. It is important to not only prevent digital disruptions but above all to ensure that an organization can recover quickly and limit the damage if something does go wrong. This is only possible if the organization does not rely solely on the knowledge of firewalls and virus scanners, but focuses on integrated risk management, with attention to issues such as data governance, supply chain risks, and crisis management.
Just like in the game of Mikado, where removing a single stick can cause the entire structure to collapse, in the digital world a single ill-considered click or small mistake can have major consequences. Think of a data breach or a ransomware attack. A single vulnerability in an IT system can trigger a chain reaction that affects the entire organization or even multiple organizations. This is the reason not to rely solely on technical solutions, but to also focus on awareness, collaboration, and smart risk management.
Collaborate, do not compete
In practice, we see that collaboration is essential to increase our digital resilience. A good example of this is the Circle of Trust, a group of ten large companies in the Netherlands that actively share knowledge about cybersecurity at the highest level. When it comes to protecting our critical infrastructure, we should not want to compete in the digital security arena. By sharing knowledge and collaborating, we ensure
Retrospection
The question is how to actually achieve more resilience. And much of the answer lies in making digital resilience not only a matter for the IT department, but also for the boardroom. KPN's Management Scope interviews with CTOs and CIOs of companies leading the way in digital transformation show that this works.
At Royal FloraHolland, the world's largest floriculture marketplace, responsibility for the pace of digitization lay squarely with the board. This was necessary because participants' trust in the platform is directly linked to the way commercially sensitive data is protected. Only with robust governance, clear responsibilities, and external audits can that confidentiality be guaranteed.
At ING, the transition to cloud-native architectures shows that the biggest challenge is often not technical, but organizational and cultural. Employees need to understand how applications, infrastructure, and business processes are interrelated. Complete autonomy for teams sounds attractive, but at scale it can lead to fragmentation and risks. Standards and programmatic control remain necessary, especially for issues such as security and continuity.
In short, technological and organizational innovation is dependent on cultural change, and this applies equally to digital resilience. These can only grow when supported by the organizational culture and leadership.
In the coming years, the role of top management in increasing digital resilience will only become more important. Based on our experiences and the results of the KPN study, we identified three strategic shifts that will be decisive in this regard.
- The importance of tough choices is increasing
In a time of geopolitical uncertainty, increasing cyber threats, and growing dependence on digital chains, organizations can no longer afford to digitize haphazardly. Digital resilience starts with setting clear priorities: which processes must never fail, where are the critical dependencies, and what is the impact if systems or data are unavailable?
Board members face a clear challenge: ensure that fundamental measures are not overshadowed by larger transformation agendas, but are organized as non-negotiable pre-conditions. Security by design is not a luxury, but a strategic advantage. - Controlled adoption of AI is becoming increasingly important
AI is a powerful catalyst that fundamentally changes the way we work. At KPN, we also use AI, for example for personalized coaching and microlearning. The opportunities are great, but research shows that governance is lagging behind. Only forty-two percent of organizations actively monitor and regulate the use of AI tools, while a significant group does not. This increases the risks of data leaks, unwanted data use, and loss of control.
Control over AI is essentially control over the future of the organization. Managers must be able to explain where data comes from, how models are used, who has access, and what the recovery path is if systems fail. Costs, energy consumption, and sustainability are also playing an increasingly important role. Digital growth has a clear sustainability dimension: efficient, future-proof infrastructure is becoming a prerequisite for reliability and social trust. - Resilience is increasingly becoming an ecosystem issue The modern organization is not an island, but part of a network of suppliers, cloud providers, and chain partners. The study confirms that supplier risks and chain dependencies are widely recognized but still insufficiently safeguarded. European legislation such as NIS2 and DORA makes this explicit by holding organizations responsible for their entire digital chain.
As part of the Dutch critical infrastructure, KPN sees every day how vulnerable these supply chains are. A digital disruption rarely affects a single organization, but has an impact on entire sectors, from healthcare and logistics to government and financial services. Our role is therefore shifting from being merely a supplier of connections to being a partner in continuity and resilience, together with customers and partners in the ecosystem.
A matter for the boardroom
We live in a complex and unpredictable era that demands long-term management. Organizations build their future on vision, control, and resilience. Digital resilience is the new basis for sustainable growth, for companies, and for a digitally strong Europe. Digitization is not about pace, but about direction. Only by digitizing with vision, control, and resilience can organizations remain stable, innovative, and relevant. This is only possible when top management treats digital resilience as a significant priority.
This essay was published in Management Scope 02 2026.