Pedro Madeira, Chief Delivery Officer da IDW, a analisar métricas de segurança digital e arquitetura Zero Trust.

Cybersecurity: Why Resilience is a Habit, Not a Trophy

✏️ By Pedro Madeira, Chief Delivery Officer at IDW

At IDW, we have a golden rule: we don’t sell solutions we wouldn’t trust to protect our own home. However, we need to clarify something fundamental: in the real world of technology, there are no "definitive solutions" or states of absolute security.

Anyone trying to sell the idea of invincibility is ignoring the volatile nature of risk. In the Portuguese market, the impact of an incident is no longer just theoretical: the average cost of a security breach for our companies reached €95,000 in 2025 (Source: CNCS Portugal), proving that the lack of a resilience habit has a direct price on business continuity. To me, security is a living organism that demands continuous monitoring and correction.

Beyond Scores: Metrics of Evolution

Although we use market-leading auditing tools—such as BitSight, Rapid7, or Cyberint—which provide us with numerical scores or performance ratings, we don’t view these indicators as static medals. A green "check" today is merely an invitation to be better tomorrow.

Variables change by the hour. According to the Verizon Data Breach Investigations Report 2026, the average time between the discovery of a vulnerability and its exploitation has dropped to less than 24 hours (Source: Verizon DBIR). Therefore, our stance is never "job done." Our resilience is the result of constant self-assessment that forces us to adapt our defenses before threats adapt to us.

The Layers of Our Resilience (Eating our own "Dog Food")

To ensure that each employee’s work is independent of location and physical perimeter, we have consolidated an architecture built on what we believe in and implement for our clients:

  • Zero Trust & PAM: We have replaced traditional VPNs with ZTNA (Zero Trust Network Access). While only 28% of companies in Portugal have already consolidated this architecture (Source: IDC Portugal 2026), at IDW we believe that "always verified" access is the only way to mitigate the lateral movement of attackers. We went further and implemented internal PAM (Privileged Access Management) to ensure that administrative access is controlled and audited.
  • Compliance as a Strategic Compass: At IDW, compliance (aligned with the NIS2 directive and the Cyber Resilience Act) is not bureaucracy; it is an engineering pillar. It provides us with the necessary structure to maintain a secure and organized environment, serving as a guide for information integrity.
  • Protocol Hygiene: We maintain extreme rigor in the implementation of DNSSEC, SPF, DMARC, and DKIM. If an email from IDW is trustworthy, it is because we internally apply the same authentication rules that we recommend to our partners.

The Next Step: The Human Factor and AI

We know that technology alone is only half the battle. The future of our defense lies in the continuous reinforcement of User Awareness. With a 120% increase in phishing attacks perfectly tailored to the Portuguese context through Generative AI (Source: VisionWare 2026), the advanced simulations in our roadmap are our last and most critical line of defense. We believe that conscious users are the engine of organizational resilience.

An Operational Commitment

Cybersecurity at IDW is not a project with a delivery date; it is an operational commitment. We don’t promise that we will never fail, but we promise that we will never stop monitoring, correcting, and evolving.

It is this transparency and this culture of continuous improvement that we bring to every Delivery project and every client. Because your resilience inevitably begins with ours.

Discover how the right technology can transform your business.

Are we going to build solutions together?

Contact us
Contact us