What is operational resilience?

Operational resilience is a company's ability to serve its customers, provide products and services, and protect its workforce despite adverse events.

An organisation can be operationally resilient when they anticipate, prevent, recover from and adapt to adverse operational events. Such events may include hacks, fires, pandemics, weather and network outages.

We live in an unpredictable world. In today's challenging business landscape, operational risks abound and may come at completely unanticipated times. The COVID-19 crisis is a clear example — the emergence of a worldwide pandemic during the early months of 2020 threw worldwide business into complete disarray and many once-growing businesses stalled; others failed completely.

But amid these cautionary tales, there are those businesses that have been able to effectively batten down the hatches and weather the storm. What set these companies apart for success when so many other saw devastating loss? In many cases, the answer is operational resilience.

Business setbacks are inevitable. Systems will fail, cyberattacks will occur, local disasters will arise. And while worldwide pandemics may not be everyday (or every-generation) occurrences, other kinds of disruptions can and will arise. By identifying where your organisation's vulnerabilities lie and taking the time to develop your foundational elements, you can help your organisation prepare for and recover from disruptions quickly and with minimal impact on your customers.

Every function of business plays an important role in maintaining and promoting operational resilience. However, executive-level managers within a company face unique pressures and perspectives. Consider the following:


It's important to have the right governance in place to quickly identify and respond to operational risks.


The IT team needs to identify and address existing and unknown threats, especially as companies move to the cloud and digitise DevOps.


Operational resilience is strongly dependent on revenue and cash flow. Keep a constant eye on issues and problematic contracts to ensure that the business can access funding when new projects are arising.


There needs to be visibility and reporting from multiple places to help security teams respond to emerging threats proactively.


Getting the right data together and navigating through geopolitical nuances is challenging, especially when facilities teams need an instant view into the strengths and weaknesses of any global sites.


The human resources team needs to collect, request and collate data as employees and contractors join or switch teams to make sure that people have the proper access and rights.

When working to counter a disruption, the same caution applies as with any emergency: Follow a plan and don't panic. To counter emergent events and come through in a position of strength, successful businesses follow a four-stage resilience life cycle.


In the wake of disastrous events, it can be difficult to identify which services, people and processes are critical for ongoing operations — anything from organisational silos to poor data and different tools. Perform what-if scenario analysis and create plans for best outcomes, worst outcomes and the most likely outcomes.

Four-stage resilience life cycle


Operational procedures tend to be designed for efficiency rather than risk and compliance. They also tend to rely on corrective tools rather than more automated preventative measures. Unfortunately, this can leave gaps in a business' defences and make a response much more difficult. Instead, incorporating risk and compliance activities into everyday processes, automating where possible, using a common data source across your organisation and continuously monitoring for incidents, you can optimise incident response to the point where many emergent events can be countered before they have any negative impact.

Respond and recover

Perhaps the worst approach to operational continuity is waiting for disaster to strike before deciding how to respond. Poor communication between vendors or suppliers, inaccurate or incomplete information and insufficiently trained personnel may lead to businesses making uninformed, split-second decisions that may actually cause more harm than good. By creating a detailed continuity plan, you provide your organisation with a blueprint for remaining calm, reducing risks and recovering quickly. Make sure that your plan is reviewed and approved by key decision-makers and test it for effectiveness before implementation.


Effective operational resilience allows an organisation to bounce back from disasters. But with so much focus on survival, organisations can lose sight of the unique learning experiences disruptions provide. The ability to adapt and take away key insights means that you have the opportunity to improve your organisation and response plan to better counter disruptions in the future. In the event of an emergency, have programmes in place to collect relevant data, review and analyse results, and communicate vital conclusions to your teams.

Operational resilience is the ability to detect, prevent, respond to, learn and/or recover from disruptions in operations that could possibly affect the delivery of important business products or services. Business continuity management (BCM) designs, develops and maintains strategies and implements plans of action that provide protection or alternative methods of operation for a business when they are interrupted.

Form a holistic view

It's important to account for internal and external factors that will influence your organisation, such as systems, processes, business lines, assets, people and third parties. A resilient operation sees the interconnection and interdependence of risk and how it affects an organisation. An effectively managed risk management portfolio looks across divisions and operations to assess, in a holistic manner, all potential threats.

Design an approach to risk assessment

Translate risk into terms that everyone can comprehend. A common language provides the opportunity for a more comprehensive analysis and documentation of potential risks within the organisation. It also provides a more robust series of discussions around risk and returns on risk as your organisation takes the time to consider adapting to risk and changing conditions.

Assess for critical points of failure

There are no two events that are the same, but there is plenty to be learnt from each event. Assess where your key risks are across your organisation and implement potential workarounds to assist your organisation with its adaptation to changing conditions. Robust systems, flexible processes, a resilient culture and a collaborative environment are all key.


Your organisation depends on vital technologies and systems. Operational resilience demands a complete view of these critical assets and services, as well as information regarding major open incidents and a record of assets that are currently without reliable plans. Identify your most important asset as well as the key risks they face. These risks may include authentications, connectivity, encryption and vulnerability response.

Four Pillars of Operational Resilience


Your employees' well-being should be your primary concern in the event of a disaster or other emergency. Ensure their safety and help maintain their productivity by focusing on proactive collaboration, communication and leadership. Verify compliance with established controls by leveraging HR-system and app data, and provide alerts, training and policies to better prepare your workforce for potentially dangerous or disruptive situations.


Facility disruption, in the form of power outages, flooding, fires etc., can grind your business to a halt. Operational resilience helps to preserve safety and compliance within your facilities and ensure reliable access to status information and essential controls.

Third Parties

Even if your organisation is well prepared and extremely resilient, the third parties you do business with can introduce potential issues. Risk and compliance assessments help evaluate business continuity and risk management programmes from your suppliers, consultants and vendors. When necessary, include policy compliance in contracts and improve diversification through second sourcing.

Arm your organisation with operational resilience

Overcome the gaps, delays and overhead imposed by typical organisational and data silos.

Loading spinner