How the Digital Value Management System (DVMS) Can Help UK Organizations Build Cyber Resilience
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
Introduction: The Rising Tide of Cyber Threats in the UK
The United Kingdom is experiencing an alarming surge in cyber-attacks targeting private enterprises and critical national infrastructure. From ransomware that shuts down hospitals and city councils to supply chain compromises impacting energy and transport networks, these attacks are growing in frequency and sophistication. The financial, operational, and societal impacts are severe—crippling businesses, undermining public trust, and straining emergency response capabilities. In this high-risk environment, traditional cybersecurity approaches, often reactive and siloed, are proving inadequate. UK organizations need a paradigm shift in perceiving and managing cyber risk. The Digital Value Management System® (DVMS) offers a systemic, scalable, and business-aligned approach to building cyber resilience.
Cyber Resilience: More Than Just Cybersecurity
Cyber resilience is not simply about preventing breaches; it is about ensuring the organization can continue to operate, adapt, and recover when—not if—an attack occurs. The DVMS elevates the conversation from technical cybersecurity to enterprise risk management and organizational resilience. It treats creating, protecting, and delivering digital business value as a core capability. This approach recognizes that protecting digital value is as critical as creating it and that resilience is the by-product of managing digital business risk holistically.
Instead of viewing cybersecurity as an isolated IT function, the DVMS integrates it across strategic planning, governance, culture, operations, and innovation. This aligns cybersecurity objectives with broader business goals, ensuring protection mechanisms are proactive rather than reactive.
A Systemic Overlay for All Organizations
The DVMS is not a new framework or methodology but an overlay. It sits atop what an organization already does, helping to expose performance gaps and align existing processes to support resilience outcomes. This makes it especially relevant for UK organizations of all sizes and sectors, including small and medium enterprises (SMEs) and public sector bodies, many of which struggle to implement and sustain complex cybersecurity frameworks.
At its core, the DVMS introduces seven Minimum Viable Capabilities (MVCs): Govern, Assure, Plan, Design, Change, Execute, and Innovate. These capabilities provide a comprehensive lens through which organizations can view and manage their digital business activities. By mapping existing practices to these core capabilities, UK organizations can uncover weaknesses, prioritize improvements, and operationalize security strategies.
Aligning with the NIST Cybersecurity Framework 2.0
The DVMS is designed to complement and enhance the NIST Cybersecurity Framework (CSF) 2.0—a globally recognized model for managing cybersecurity risk. The NIST CSF introduces six key functions: Govern, Identify, Protect, Detect, Respond, and Recover. The DVMS strengthens the implementation of these functions by ensuring they are embedded in business strategy, supported by leadership, and sustained through cultural alignment and continuous learning.
For example, the DVMS ensures that the Govern function is not just a policy document but an active leadership commitment that informs every part of the organization. It also reinforces the Recover function by making resilience a continuous improvement process, not just an emergency response plan. In essence, the DVMS transforms the CSF from a cybersecurity checklist into a dynamic system of digital risk governance.
Culture, Leadership, and Strategy-Risk
A recurring theme in the DVMS is the inseparable link between culture, leadership, and resilience. Cybersecurity failures are often not technical but cultural and structurally rooted in poor governance, inadequate training, and a lack of accountability. The DVMS tackles these challenges head-on by positioning culture as a lever for change. It uses systems thinking to connect behaviors, structures, and outcomes, and it provides tools like the Cultural Web and the CPD (Create, Protect, Deliver) Model to help leaders reframe how they see their organizations.
Another key contribution of the DVMS is the concept of strategy-risk—the idea that strategy and risk are two sides of the same coin. Every business decision has embedded risk, and every risk decision impacts strategy. The DVMS ensures that these considerations are addressed simultaneously, guiding leaders to make decisions that are informed, adaptive, and aligned with both operational realities and strategic intent.
A Phased Approach to Maturity and Resilience
Cyber resilience cannot be achieved overnight, especially in resource-constrained environments. The DVMS introduces the FastTrack™ approach—a phased, iterative roadmap that allows organizations to build resilience progressively:
- Initiate (Phase 0): Define the scope of digital risk and stabilize foundational capabilities.
- Basic Hygiene (Phase 1): Establish essential safeguards, improve visibility, and reduce known vulnerabilities.
- Expand (Phase 2): Scale protections and controls across teams, partners, and supply chains.
- Innovate (Phase 3): Embed continual improvement, learning, and innovation into the system.
This model supports rapid deployment and long-term sustainability, enabling even smaller UK organizations to develop maturity in cybersecurity and resilience practices without becoming overwhelmed.
Proactive Risk Management and Threat Anticipation
The DVMS encourages UK organizations to adopt a proactive, intelligence-driven posture. It teaches leaders and practitioners to “be the menace”—to think like adversaries and identify vulnerabilities before exploiting them. Techniques like the “Five Whys,” root cause analysis, and systems mapping help organizations uncover and fix systemic weaknesses, from outdated software to cultural blind spots.
The 3D Knowledge Model—another DVMS innovation—helps organizations visualize how teams interact across time, functions, and strategic alignment. This facilitates better communication, decision-making, and coordination across departments, reducing the likelihood of siloed risk management that attackers can exploit.
Relevance to UK Critical Infrastructure
Due to their societal importance, critical infrastructure sectors—energy, healthcare, finance, and transportation—are prime targets for cyber attackers. The DVMS provides a vital toolset for these organizations to operationalize the NIST CSF in a way that accounts for their unique regulatory, operational, and mission-specific constraints.
For instance, public sector organizations can use the DVMS to improve governance transparency, foster a security-aware culture among staff, and ensure resilience in digital service delivery. Meanwhile, private infrastructure providers can adopt the strategy-risk model to ensure continuity of operations in the face of growing supply chain attacks and regulatory pressures.
Conclusion: A National Opportunity for Resilience
In the face of escalating cyber threats, UK organizations must evolve from viewing cybersecurity as a compliance obligation to embracing cyber resilience as a strategic imperative. The DVMS offers a scalable, business-aligned approach to achieving this transformation. By embedding cybersecurity into governance, culture, planning, and innovation—and by supporting the implementation of the NIST CSF 2.0—the DVMS empowers UK businesses and institutions to defend their assets and their missions.
As attacks become more sophisticated and relentless, resilience becomes the hallmark of national security, economic stability, and public trust. The DVMS stands as a practical, proven pathway to this goal—one that UK organizations can and must follow to thrive in today’s digital world.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”
The DVMS Institute’s Certified Training Programs teach organizations the skills to build a Holistic and Culture-Aligned Overlay System capable of coordinating Adaptive, Governance, Resilience, and Assurance actions across a Complex Digital Ecosystem.
Achieving true cyber resilience across a complex digital ecosystem requires seamless alignment between organizational Strategy, Governance, and Operations, underpinned by a culture dedicated to sustaining and continuously innovating organizational digital value.
The DVMS positions cyber resilience as a strategic, enterprise-wide capability powered by the Institute’s CPD, Z-X, and 3D Knowledge models.
This systems-based approach to cyber operational resilience demands active engagement from all members of the Digital Ecosystem, with each member playing a distinct role in proactively identifying and mitigating the systemic risks that threaten digital business operations.
This adaptive, forward-looking approach to Governance, Resilience, and Assurance (GRA) positions businesses to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Drive Agility and Trust Across Your Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Explainer Videos
- Architecture Video: David Moskowitz explains the DVMS System
- Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- Overlay Model – What is an Overlay Model
- ZX Model – The MVC’s that power operational resilience
- CPD Model – Adaptable governance and assurance
- 3D Knowledge Model – Enabling holistic organizational learning
- FastTrack Model – A phased approach to cyber resilience
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
