Global structural pressures

Volatility beyond financial cycles

Operational disruption, cyber incidents and supply shocks increasingly affect earnings continuity.

Regulatory resilience expectations

Supervisors now assess continuity, recovery and security — not only financial ratios.

Duration risk exposure

7–15 year capital cycles require performance persistence under stress, not just growth in stable periods.

Reputation-linked valuation impact

Material operational failures can reduce valuation multiples by 10–30% in infrastructure and security-relevant sectors.

What we do

Embedding resilience into value measurement

We treat resilience as a measurable economic dimension — not as narrative.

We:

define board-level resilience KPIs alongside financial metrics
measure operational uptime and Mean Time to Recovery (MTTR)
track cyber metrics (RPO adherence, detection-to-containment time, test success rates)
quantify supply chain concentration and single-point-of-failure exposure
monitor regulatory findings and remediation velocity
integrate resilience impact into capital allocation decisions
align incentives partially with continuity and recovery performance
review resilience indicators quarterly at governance level

Entrepreneurship remains rewarded.
Stability becomes rational.

Structural outcome

More durable cash flows

Reduced volatility through faster recovery and fewer severe disruptions.

Lower downside severity

Measured and managed recovery metrics limit loss magnitude.

Regulatory confidence

Structured resilience tracking strengthens supervisory relationships.

Valuation stability

Demonstrated continuity supports longer-duration capital and premium multiples.

Traditional performance measures are backward‑looking.
They describe what happened in stable conditions.

In system‑critical industries – infrastructure, secure digital architecture, advanced industrial systems, defense‑adjacent technologies – this is not sufficient. Value is created when systems remain operational under stress, recover quickly, and learn from disruption.

Resilience therefore becomes a measurable dimension of value creation.

The objective is simple:
Move from “Did we earn enough?” to “Can we continue to earn under stress, and how reliably?”

Resilience as an economic dimension

Resilience can be observed along three axes:

Readiness – how well prepared systems and organisations are before disruption.
Response – how they behave during disruption.
Recovery – how quickly and how fully they return to an acceptable state.

In finance, EBITDA is a proxy for operating performance.
Resilience metrics become proxies for duration and survivability of that performance.

For boards, investors and management, this means:

Treating resilience as an asset that can be strengthened or eroded.
Measuring it with the same discipline applied to financial KPIs.
Integrating it into strategy, capital allocation and incentive systems.

Cyber and information resilience metrics

In a digitised, regulated environment, information resilience is a core part of system stability.

Illustrative metrics:

Data integrity and recovery

Recovery Point Objective (RPO): how much data (time window) can be lost without unacceptable damage.
Actual data loss in tests or real incidents relative to defined RPO.
Success rate of data restoration tests.

Cyber resilience

Percentage of critical systems covered by recognised security frameworks.
Frequency and outcomes of penetration tests and red‑team exercises.
Time from detection to containment of significant cyber incidents.

Business continuity testing

Frequency of business continuity and disaster recovery exercises.
Percentage of critical functions covered by tested plans.
Ratio of successful to failed or incomplete tests; time to close identified gaps.

Value is created when:

Systems not only resist attacks, but recover in predictable ways.
Data remains trustworthy.
Authorities, customers and partners can rely on the company’s ability to operate after an incident.

Supply chain and infrastructure resilience metrics

For companies embedded in physical or digital infrastructure, supply and asset resilience are central.

Supply chain resilience

Mean Time to Recovery for key suppliers and critical inputs.
Number of single points of failure in the supply chain; share of volume depending on them.
Percentage of critical suppliers with verified continuity or resilience plans.

Inventory and buffer

Coverage days of critical inventory under disruption scenarios.
Ability to reroute flows or substitute inputs within defined time frames.
Share of production capacity that can be maintained with existing buffers.

Infrastructure robustness

Proportion of critical assets meeting defined resilience or hardening standards.
Frequency and severity of infrastructure‑related incidents.
Results of stress tests for key sites, networks or nodes.

These metrics make visible whether a company can maintain operations when external shocks occur – a crucial aspect of long‑term value.

Organisational and cultural resilience metrics

Resilience is also a function of people, decision processes and culture.

Talent and continuity

Retention rates in critical roles and functions.
Time to fill key positions in risk, operations, technology and compliance.
Depth of succession planning for leadership in system‑relevant areas.

Training and preparedness

Percentage of staff in critical functions trained on continuity and crisis procedures.
Participation rates and performance in simulations and exercises.
Time between identification of a gap and completion of corrective training.

Decision and learning

Number of major incidents or near‑misses that lead to documented improvements.
Time from incident to implementation of agreed remediation actions.
Existence and use of structured post‑incident reviews.

These indicators show whether resilience is a one‑off project or a continuous organisational capability.

External confidence and regulatory resilience

In regulated, system‑critical sectors, perception by authorities, partners and markets is part of resilience.

Regulatory resilience

Number of material regulatory findings related to continuity, security or risk.
Time to resolve supervisory issues.
Progress against recognised resilience, continuity or security standards.

Partner and ecosystem confidence

Share of key contracts that include resilience performance clauses.
Satisfaction or confidence scores from critical customers on stability and reliability.
Inclusion in or exclusion from preferred supplier lists for system‑critical services.

Disclosure and transparency

Quality and clarity of resilience‑related disclosures in reports and communications.
Consistency between stated resilience posture and measured indicators.

These metrics reflect an external view: is the company regarded as a reliable, resilient part of larger systems?

Integrating resilience metrics into value creation

To move beyond EBITDA, boards and investors can embed resilience metrics into three core processes:

Strategy

Define resilience objectives alongside financial objectives.
Link major strategic initiatives to expected changes in resilience indicators.
Use scenario analysis to test performance of systems, not just financial statements.

Capital allocation

Treat investments in redundancy, security, continuity and governance as value‑creating, not purely as cost.
Evaluate major projects against both EBITDA contribution and impact on resilience metrics.
Establish thresholds: projects that weaken resilience metrics require explicit justification or compensating measures.

Incentives

Align management incentives partly with resilience outcomes: availability, recovery times, continuity, audit results.
Avoid structures that reward short‑term earnings at the expense of long‑term stability.
Recognise teams for documented improvements in resilience indicators, not only for revenue growth.

In system‑critical sectors, resilience and value are not separate topics.
Resilience is the condition for value to persist.

A concise resilience scorecard for boards

For practical use, a board‑level scorecard can group metrics into a small, stable set of indicators, for example:

Operational

Uptime of critical services.
Mean Time to Recovery after defined incidents.

Information and cyber

Success rate of recovery tests.
Time from detection to containment for significant cyber events.

Supply and infrastructure

Number of single points of failure above defined thresholds.
Mean Time to Recovery for critical suppliers.

Organisation

Retention rate in critical roles.
Completion rate of continuity and crisis training.

External and regulatory

Number of unresolved material regulatory findings.
Outcomes of major external resilience assessments or audits.

Each indicator can be tracked over time, with clear target ranges and thresholds for escalation.

Measuring value creation beyond EBITDA through resilience metrics changes the conversation at board and investor level. The central question is no longer only “How much did we earn?” but “How robust is the system that generates these earnings – and how will it behave when conditions change?”

These resilience metrics are particularly relevant for institutional investors such as family offices and sovereign capital, as outlined in the capital partner framework. Capital Partner Profile for Family Offices and Sovereign Capital .

Alternative value metrics and long-term performance measurement are increasingly discussed in infrastructure investment frameworks and institutional reporting standards such as those described by the OECD pension investment framework.

Wie gesehen

Fokus

Unbemannte Luft-, See- und Bodensysteme, autonome Plattformen, KI-gestützte Sensorik und Bildintelligenz sowie sichere cyber-physische Systemarchitekturen.