
Security in 2026: control is no longer an IT issue

This article is automatically translated using Azure Cognitive Services, if you find mistakes, please get in touch

For IT decision-makers, CISOs and directors who have to organize cyber resilience in a manageable and demonstrable way towards customers, regulators and their own organization.

In 2026, security will no longer be just about technology. With the advent of the Cybersecurity Act and NIS2, cyber resilience is increasingly shifting to the boardroom. Organizations must not only have their own security in order, but also keep a grip on risks within the chain, suppliers and cloud environments.

This became visible when a supplier of electronic patient records, active in a large number of Dutch hospitals, was hit by a ransomware attack. Not one organization, but an entire digital chain was affected. This also raises the question that many directors are asking: how do you organize demonstrable cyber resilience without security becoming fragmented across separate tools, suppliers and processes?

What does the Cybersecurity Act really change for the board?

The Cybersecurity Act makes cyber resilience a board-level responsibility. Organizations must be able to demonstrate:

  • How risks are managed.
  • Who is responsible for decision-making.
  • How incident response is set up.
  • And how quickly the organization can act in the event of threats or disruptions.

For directors, the focus shifts from policy to provability: not only what is set up, but also how it works in practice.

Three patterns we see in the market

In conversations with IT directors and CISOs, we see roughly three ways in which organizations organize their cyber resilience. Each model can make sense from the stage an organization is in. At the same time, each model has consequences for grip, provability and speed of action.

1. Strategic advice without operational clout 
Organizations have roadmaps, risk analyses and governance models, but lack a party that can actually intervene when things get tense. This creates a vulnerable gap between policy and practice. A lot has been arranged on paper, but in the event of an incident, the implementation appears to be insufficiently organised. 

2. Operational monitoring without strategic anchoring 
There is 24/7 monitoring, tooling and alerting, but the connection with governance, compliance and architecture choices is missing. The organization sees many signals, but cannot always translate them into administrative management information or demonstrable improvement actions. This means that security remains mainly reactive. 

3. Strategy and operations under one direction 
When risks, policy, monitoring and incident response are organized in conjunction, more predictability is created. Ownership is more clearly allocated, response times become measurable and decision-making is better substantiated. This not only helps in the daily operation, but also in the accountability to the management and supervisors. 

What does it cost if the chain breaks?

The incident at the supplier of the electronic patient record shows where the real impact of cyber incidents will arise in 2026. Not only within one organization, but especially in the chain. When a supplier fails, portals, processes, data flows, and dependencies at dozens or even hundreds of other organizations are disrupted. 

Those who only look at their own environment therefore miss an important part of the risk. The attack surface also includes vendors, interfaces, shared identities, and systems that critical processes rely on. 

Without strategic anchoring, security remains mainly reactive. Without operational strength, resilience remains primarily a policy intention. Only when strategy and operations come together does grip arise: chain risks become visible, incidents become manageable more quickly and the board has the information needed to explain and justify choices. 

How Wortell organizes management: from governance to 24/7 response 

Wortell helps organizations to make cyber resilience manageable and feasible. We connect strategic security advice with operational execution within one cohesive approach. We translate laws and regulations, such as NIS2 and the Cybersecurity Act, into clear choices about policy, ownership, risk acceptance and decision-making. 

Those choices do not remain on paper. Through Managed eXtended Detection & Response, delivered from the Wortell Cyber Defense Center, we ensure continuous detection, follow-up and response. This creates a direct connection between what has been agreed administratively and what happens operationally when threats arise. 

At a strategic level, we bring governance, compliance and architectural choices together in a story that can be explained to management and supervisors. At the operational level, we ensure 24/7 monitoring, rapid response and transparent reporting. We enrich sector-specific threat information through relevant collaborations, including that with Z-CERT, the sectoral CERT for Dutch healthcare. And all this from an AI-first security strategy: with smart automation, faster interpretation of signals and better support for analysts, so that organizations can respond faster and manage in a more targeted way. 

Questions that make administrative control visible

  • Who owns both security policy and its implementation within our organization?  

  • How do we make compliance towards regulators traceable today?  

  • What are our actual detection and response times in the event of an incident and what do we base them on?  

  • Do we have visibility into our entire attack surface, including cloud environments, identities, and critical vendors?  

  • Where do we actively manage risk, costs and continuity before an incident forces us to do so?  

Organizations that cannot answer these questions clearly usually have no shortage of security resources. Above all, they lack coherent direction. 

From insight to controllable cyber resilience 

Wortell's Security approach helps directors and CISOs to organize strategy, governance, monitoring and incident response in a coherent way. Not as a separate security service, but as part of business operations and administrative accountability.

If you want to know where the organization stands, you start with factual insight: how risks are managed, how quickly incidents are recognized and followed up, and where dependencies in the chain affect continuity. From that insight, the choices that will make a difference in the next eighteen months become visible. 
