Why Resilience Must Be Practiced, Not Promised
The incident did not begin with malware.
It began with hesitation.
A regional disruption escalated quickly. Regulatory constraints limited data movement. A containment decision needed to be made before the business day opened in multiple markets. The organisation had a cyber incident response plan. It had been reviewed. Approved. Tabled at committee.
Yet in the moment that mattered most, the question was not what should we do?
It was who is authorised to decide—right now?
By the time clarity emerged, the window for graceful containment had closed.
This is not an unusual story. Across the Asia Pacific region, I am seeing a pattern repeat itself: organisations are investing heavily in resilience, yet discovering – often the hard way – that resilience fails not at the design stage, but at the execution stage.
In 2026, this gap will matter more than any single technology decision.
From latency to trust – and now execution
In my first Executive Briefing, I argued that the defining challenge of 2026 would be the Latency Gap: the growing distance between where data is generated and where decisions must be made. As intelligence moves closer to the edge, architectures optimised for centralisation are becoming a competitive constraint.
In the second, I explored the Trust Gap: the uncomfortable reality that trust is no longer a policy, certification, or audit outcome. Trust has become a systems behaviour, proven only under stress. A system that requires manual coordination during crisis may be compliant—but it is not trustworthy.
The natural question that follows is this:
Can organisations actually execute when those assumptions are tested?
This is where many strategies quietly break.
Execution Gap: the space between what leadership believes will happen during a crisis—and what actually happens at 3 a.m., under time pressure, regulatory scrutiny, and incomplete information.
Most resilience strategies fail not because they are wrong, but because they are unproven.
Plans exist. Playbooks are written. Governance frameworks are in place. Yet when disruption strikes, decisions slow, dependencies surface, and human coordination becomes the bottleneck.
In boardrooms, this often shows up as surprise:
- “We didn’t realise those systems were interdependent.”
- “We assumed recovery would be faster.”
- “We thought authority was clear.”
These are not technology failures. They are execution failures.
Why resilience breaks in real life
When you examine major cyber or operational disruptions, three patterns appear consistently.
1. Hidden dependencies surface too late
Modern enterprises are dense ecosystems of platforms, partners, identities, and shared services. On paper, many of these look isolated. In reality, they are tightly coupled.
During normal operations, this complexity is invisible. During disruption, it becomes decisive. What was assumed to be a local failure cascades across regions. What was thought to be technical becomes a business continuity issue.
The “complexity tax” that seemed manageable in steady state becomes an existential risk when systems are under pressure. Boards rarely lack awareness of complexity. What they often lack is visibility into which dependencies actually matter under stress.
2. Decisions exist only in theory
Many organisations have incident response plans that have never been tested under realistic conditions.
Tabletop exercises are discussed, not timed. Escalation paths are documented, not rehearsed. Critical decisions—system isolation, data access restriction, customer communication—are assumed to be “obvious” until they are not.
Under pressure, ambiguity expands. People wait for confirmation. Authority diffuses. Time is lost.
Resilience is not about having the right answer on paper. It is about making the right decision fast enough.
3. Manual coordination is treated as a feature, not a risk
Perhaps the most dangerous assumption is this: that skilled people will simply “step in” when automation falls short.
Heroics feel reassuring. They are also fragile.
If resilience depends on perfect human coordination during crisis—across time zones, teams, and third parties—it is not resilient. It is hopeful.
In 2026, attackers operate at machine speed. Regulatory clocks do not pause. Markets do not wait. Systems that require human alignment for every critical action will always be slower than the disruption they are trying to contain.
A simple test for leadership: stress‑testing trust
Rather than asking whether an organisation is “cyber resilient,” I now encourage boards and CEOs to ask a different set of questions—ones that focus on execution, not intention.
1. When conditions change suddenly, can we continue operating without waiting for new approvals? If every major action requires ad‑hoc consensus, speed will be lost.
2. Do we know which systems must recover first—and have we proven that sequence works? Priority is easy to declare. Much harder to demonstrate.
3. Which crisis decisions are pre‑authorised, and which still rely on individuals? Ambiguity here guarantees delay.
4. When was the last time we tested recovery under real time pressure? Not discussed. Not reviewed. Actually tested.
5. Can leadership track resilience maturity the same way it tracks financial or safety risk? If progress cannot be seen, it cannot be governed.
These are not technical questions. They are questions of preparedness.
What closing the execution gap looks like
Organisations that are closing the execution gap tend to make a few deliberate moves early.
First, they define minimum viable operations. Not everything must survive disruption. What must survive is made explicit, agreed, and defended by design.
Second, they convert assumptions into proof. One recovery drill, run under realistic constraints, will surface more risk than a year of planning discussions. Timing matters. Observation matters. Learning matters.
Third, they remove human bottlenecks where delay is most damaging. This does not mean automating everything. It means deciding—in advance—which actions should happen by default, and which truly require escalation.
None of this requires perfect architecture. It requires leadership intent.
Resilience as a leadership discipline
In 2026, resilience is no longer a capability organisations can simply declare. It is something they must demonstrate—repeatedly, visibly, and under pressure.
Trust is no longer earned through policy statements or audit results. It is earned by showing that the organisation can continue operating, securely and responsibly, when assumptions break.
The most important question for leadership today is not whether a disruption will occur.
It is whether the organisation has practiced responding as one—before it has to.
