Cyber Resilience

What we do.

We help organisations design, test, and embed cyber resilience capabilities that are proportionate, evidence-based, and auditable - without adding unnecessary complexity. Our services cover the full resilience lifecycle:

Resilience Framework Design

We develop or enhance your Cyber Resilience Framework, ensuring alignment with supervisory expectations (e.g. ISO, DORA, NIS2, DNB Good Practices). 

Our approach includes: 

  • Defining critical business services and mapping end-to-end dependencies (processes, systems, people, and vendors)
  • Clarifying impact tolerances - understanding what level of disruption your organisation can realistically absorb
  • Establishing governance structures and escalation paths that are effective in practice, not just on paper

We focus on proportionality: frameworks that fit your organisation's size, complexity, and regulatory footprint. 

Business Continuity & Crisis Management

We review or design your Business Continuity Management (BCM) and Crisis Response Plans, integrating them into the larger resilience framework. 

Our deliverables include: 

  • Streamlined continuity plans that prioritise practicality over paperwork
  • Scenario-based crisis simulations and “table-top exercises” for management teams
  • Clear communication playbooks for internal and external stakeholders

Our goal: to make crisis governance second nature - structured, rehearsed, and credible. 

IT & Cyber Resilience

Because technology is at the heart of resilience, we work closely with IT and security teams to assess and strengthen IT continuity and cyber recovery capabilities. 

We review: 

  • Backup and recovery architectures
  • Incident response playbooks
  • Disaster recovery testing results
  • Integration with ICT risk and information-security policies 

We ensure that resilience controls are not just documented but demonstrable - verifiable in real time when it matters most. 

Third (and Fourth)-Party Dependency Management

Modern organisations depend on a web of external suppliers and platforms. 

  • We perform dependency mapping and critical vendor assessments to identify concentration risks and single points of failure
  • We also review contract clauses, exit plans, and SLA frameworks to ensure alignment with DORA and DNB expectations
  • When necessary, we help design outsourcing governance dashboards - giving management a clear overview of critical suppliers, resilience maturity, and risk exposure 

Scenario Testing & Validation

Resilience without testing is theory.

We design plausible but challenging scenarios to test your ability to respond and recover within impact tolerances. 

Our methodology covers: 

  • Table-top and live simulations for management and IT teams
  • Joint testing with key vendors
  • Review of post-incident lessons learned and continuous improvement tracking

Testing doesn’t need to be heavy - but it does need to be honest.

Cyber Resilience as a Service

When resilience requires dedicated ownership, we provide Cyber Resilience as a Service (CRaaS), offering temporary or long-term resourcing within your organisation. 

Our network of over 80 independent professionals includes operational risk managers, crisis coordinators, and resilience leads who can seamlessly step in to either strengthen your NFRM function or support a specific remediation or audit cycle. 

Every expert follows the same Risk Boutique philosophy: independent, pragmatic, and connected. 

Our network of experienced consultants brings a rare blend of regulatory knowledge and operational pragmatism.

We have helped organisations to design DORA-compliant resilience frameworks, align with DNB Good Practices, and implement cross-functional testing programmes. 

Our consultants have backgrounds in banking, payments, energy, and government - allowing us to transfer best practices across sectors while tailoring them to your context.

What you gain

Cyber resilience goes beyond security controls to operational continuity.

Regulatory confidence. Evidence that aligns with DORA, NIS2, and DNB Good Practices, ready for supervisory review.

Organisational clarity. Clear understanding of critical services, dependencies, and recovery responsibilities.

Efficient continuity. Reduced downtime, faster response, and stronger internal coordination in the event of disruption.

Board assurance. Concise, transparent reporting that connects resilience metrics with business impact.