Is Resilience Core?

“Can we demonstrate, with evidence, that our most important services will remain within acceptable limits during severe but plausible disruption?”

Yes. Strong business continuity and operational resilience capabilities are now core business necessities because organizations face an increasingly fractured risk landscape shaped by geopolitical, environmental, societal, and technological disruption.

Recent FCA observations also say that outages, cloud-service incidents, and cyber-attacks have reinforced the need for strong resilience and for treating it as a core business capability, not a side exercise.

Why now

The case is stronger today because disruption is no longer an occasional exception; it is part of the operating environment. The World Economic Forum says current risks span short-, medium-, and long-term horizons, which means leaders have to manage immediate shocks while also preparing for deeper structural threats.

The practical triggers are familiar: cyber incidents, third-party outages, supply-chain dependencies, and broader instability. The global average cost of a data breach reached USD 4.88 million last year, showing that failure to prevent, absorb, and recover from disruption has direct, significant financial consequences.[1]

What these capabilities do

Business continuity helps an organization keep critical activities going or restore them quickly after disruption, while operational resilience focuses on keeping important services within tolerable limits even under severe but plausible scenarios. That difference matters because firms are judged not only on whether they have plans, but on whether customers, revenue, compliance, and trust can survive a real-world shock.

What strong looks like

Strong capability usually means a few things are in place and actually work: clear governance, identified critical services, mapped dependencies, tested recovery strategies, and evidence that leaders understand where tolerances could fail.

Stronger firms are using board-ready self-assessments, rigorous testing, third-party scrutiny, and investments such as immutable backups, standby data centres, and alternate processing capability.

Just as important, resilience has to be dynamic rather than static. Scenarios that once seemed implausible may now be more likely, so firms need regular review, annual assessment, and ongoing adaptation rather than one-off compliance activity.

Leadership view

For boards and executives, this is now a strategic capability, not simply a risk or compliance program. Firms that invest in operational resilience are better positioned to innovate, attract customers, support market confidence, and sustain long-term growth.

Resilience is most valuable when it is evidenced, tested, and embedded into organizational capability rather than documented only in plans.

In current conditions, the better question is no longer whether these capabilities are important, but how mature they are and whether they are strong enough for the disruptions a firm is now likely to face.

Sources
[1] at a glance: Time-consuming… https://www.ibm.com/think/insights/cost-of-a-data-breach-2024-financial-industry
[2] Global Risks Report 2025 | World Economic Forum https://www.weforum.org/publications/global-risks-report-2025/
[3] The Global Risks https://reports.weforum.org/docs/WEF_Global_Risks_Report_2025.pdf
[4] Global Risks 2025 https://www.youtube.com/watch?v=ZByv6OZCoAg
[5] Global Risks 2025 | World Economic Forum Annual Meeting 2025 https://www.youtube.com/watch?v=tT1o33Ph_Ns
[6] Global Risks Report 2025 – WITA https://www.wita.org/atp-research/wef-global-risks/
[7] UK Operational Resilience Rules: Are You Ready for 31 March 2025? https://www.sidley.com/en/insights/newsupdates/2025/01/uk-operational-resilience-rules-are-you-ready-for-31-march-2025
[8] Global Risks Report spells out top risks for 2025 and beyond | Zurich https://www.zurichna.com/knowledge/articles/2025/02/global-risks-report-spells-out-top-risks-for-2025-and-beyond
[9] Insights from IBM’s 2024 Cost of a Data Breach Report | Enzoic https://www.enzoic.com/blog/ibms-2024-cost-of-a-data-breach/
[10] Operational resilience: insights and observations one year on – FCA https://www.fca.org.uk/publications/good-and-poor-practice/operational-resilience-insights-observations-one-year
[11] The Global Risks Report: These are the top risks facing the world in 2025 https://www.zurich.com/insights/business/the-global-risks-report-2025
[12] 2024 IBM Breach Report: More breaches, higher costs https://blog.barracuda.com/2024/08/20/2024-IBM-breach-report-more-breaches-higher-costs
[13] Operational Resilience Regulation 2025 Deadlines – Riskonnect https://riskonnect.com/operational-resilience/operational-resilience-regulation-2025-deadlines/
[14] Global Risks Report 2025 – Knowledge for policy https://knowledge4policy.ec.europa.eu/publication/global-risks-report-2025_en
[15] 7 Key Takeaways From IBM’s Cost of a Data Breach Report 2024 https://www.zscaler.com/blogs/product-insights/7-key-takeaways-ibm-s-cost-data-breach-report-2024

Unknown's avatar

Author: John Salter & Associates Consulting Services

John Salter - specialising in the facilitation of risk-based capability reviews; needs-based training; business continuity planning; crisis management exercises; and organisational debriefing. Recognised for “preventing disasters, or where that is not possible, reducing the potential for harm” Ref: Barrister H Selby, Inquest Handbook, 1998. Distracted by golf, camping, fishing, reading, red wine, movies and theatre.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.