Accessibility links Skip to main content
News \ Operational Resilience & risk management

Operational resilience: the dominant perspective

Tom den Hartog & Eva Noordhoek
June 30, 2026 · 5 min read English

For years, organizations have optimized for maximum efficiency. Stable conditions allowed us to design organizations, supply chains, processes, and systems around known constants. These conditions encouraged tight integrations and deep dependencies, because efficiency rewarded them. That stability is gone. 

Inaction now is a strategic risk. The operating environment is shifting faster than traditional structures can adapt. Organizations must now design for uncertainty, not stability. That means to absorb shocks and adapt to externally imposed change.

Operational resilience must be designed across the full system: organizational structures and decision rights, governance and control models, supply chains and partnerships, core processes, talent and culture, and the digital systems that connect and enable them. Weakness in any one of these domains can cascade across the enterprise.

Resilience determines whether an organization can absorb disruption without destroying value, reorganize under pressure, and continue to serve customers, markets, and society when conditions deteriorate. In that sense, resilience is increasingly comparable to other strategic asset classes: it is measurable, improvable, and governable at board level.

At its core, resilience creates value in two ways:

  • it protects downside by limiting financial, operational, and reputational damage during disruption, and
  • it creates upside optionality by preserving strategic freedom.

 

No-IT is no IT problem

Digital fragility has become a systemic business risk. In our report “NO-IT is no IT problem”, we described how digital dependencies have become systemic: when IT stops, the organization stops. That central diagnosis remains valid.

What has changed is the context and the stakes. Boards now operate in an environment where crises no longer occur sequentially but simultaneously; where geopolitical pressure reshapes supply chains; where regulatory intervention accelerates unpredictably; and where human capital is as fragile as digital infrastructure.

In this environment, the organizations that sustain and grow value are those that can adapt faster than disruption unfolds. Adaptability has become the mechanism through which resilience translates into value.

This shift requires leaders to rethink resilience not as a technology capability, but as an operational, organizational, and societal challenge. As the report states clearly: delegating digital resilience to IT reinforces the misconception that outages are technical incidents, when in reality they are operational disruptions in a digital era.

 

Resilience, recoverability & adaptability

Many organizations still frame resilience as a defensive requirement: something to be controlled, audited, and “covered.” In practice, this framing creates a false sense of safety. Controls do not guarantee continuity. Documentation does not create recovery. And testing alone does not produce options when conditions fundamentally change.

In a digital operating environment, resilience is not a static state. It is a dynamic capability that determines whether an organization retains freedom of action under pressure.

This requires a shift in thinking. Resilience is not primarily a technology problem, nor a compliance exercise. It is an architectural discipline that spans three tightly connected domains:

Technical architecture – platforms, identity, networks, data, and integration patterns

Process architecture – continuity of critical service delivery, including degraded and manual modes

Organizational architecture – decision rights, crisis leadership, escalation paths, and ownership 

Weakness in any one of these domains will surface under stress—and when it does, the effects propagate rapidly across the system.

Most leaders already accept the principle of “designing for failure.” Observability, redundancy, and safeguards are widely discussed. Yet many organizations discover too late that their architectures offer no real alternatives. Dependencies are deep, switching paths are unclear, and recovery assumes conditions that no longer exist during a crisis.

This is where adaptability becomes decisive.

Adaptability is the ability to reconfigure under pressure: to switch, reroute, rebuild, or reorganize when assumptions fail. It is what transforms resilience from a defensive posture into a strategic asset.

In practice, adaptability is created through concrete architectural options:

Options for operational recovery – preserving the ability to deliver essential services, even in severely degraded conditions.

Processes: manual fallbacks, minimum viable operations, physical workflows

Options for fast rebuild – restoring processes, applications, or entire environments on clean infrastructure when trust is lost.

Options for alternative capability – ensuring continuity when critical technology, suppliers, or expertise become unavailable.

These options are not abstract. They are designed deliberately—or not at all.

Organizations that lack such options are forced to rely on hope: hope that backups are clean, hope that key people are available, hope that external platforms recover in time. Hope is not a resilience strategy.

Modern operational resilience is the capability to operate with choices under uncertainty.

Those choices determine how much value is preserved, how fast trust is restored, and whether the organization emerges weakened—or stronger—after disruption. 

 

Societal interdependencies and human resilience

Resilience does not stop at the enterprise boundary. Digital fragility amplifies operational risks across supply chains, public infrastructure, and even basic societal functions. When payment systems stop, when logistics freeze, or when communication channels are unavailable, organizations face societal vulnerability, not merely technical downtime.

Equally important is human resilience, which is another theme emphasized in the report: Employees may not be available during a crisis. Their loyalty, safety, or family priorities may pull them away from corporate obligations. In crises, organizations rely on people, yet people themselves rely on societal stability.

Operational resilience therefore requires preparation in three domains:

  • People: availability, training, crisis roles, societal preparedness
  • Processes: manual fallbacks, minimum viable operations, physical workflows
  • Partners: supply-chain continuity, alternative arrangements, cross-sector collaboration

An organization’s resilience is only as strong as the society and suppliers around it.

 

An economic lens on operational risk

Boards increasingly recognize that cybersecurity and operational risks must be understood in economic terms. Yet the report shows a recurring gap: executives lack actionable insight into the materialized financial impact of disruptions, making it difficult to prioritize investments or weigh trade-offs. 

BCG’s research shows that companies with mature operational-resilience capabilities are far better positioned to minimize the financial impact of disruptions and safeguard their margins.

Recent industry research on operational and IT downtime shows that in many large manufacturers and other critical sectors, a single hour of unplanned disruption can easily cost between $1 million and $5 million (roughly €1–€4 million) in lost revenue and associated margin.

Similarly, EY’s Resilient Enterprise Framework reframes resilience spending as capital preservation, safeguarding both tangible and reputational assets.

According to Gartner’s Technology Trends, CIOs are increasingly expected to strengthen operational resilience and ensure rapid recovery when disruptions occur.

Financially grounded models such as the FAIR Materiality Assessment help translate risks into business language, exposing how outages affect revenue, recovery cost, liability, and reputation .

This shift allows leaders to make decisions based on clear trade-offs, not instincts or dashboards.

  • Risk appetite ≠ control
  • Compliance ≠ resilience
  • Controls ≠ recovery
  • Testing ≠ adaptability

Economic framing makes these distinctions visible.

 

Engineering resilience: three reinforcing capabilities

Building operational resilience requires more than isolated improvements in technology, governance, or process. It demands a systemic approach, one in which organizations deliberately engineer their ability to withstand, absorb, and recover from disruption.

Across industries, three reinforcing capabilities are increasingly recognized as central to strengthening resilient operating models: designing for failure, validating through simulation, and governing through insight. Together, they form a continuous learning loop that strengthens resilience over time. 

1. Designing for failure

Modern digital ecosystems are too interconnected to rely on prevention alone. Identity layers, network segments, supply-chain components, and cloud services can all fail—often simultaneously.

Leading organizations adopt one principle: assume everything can fail.

This requires architectures that embed:

  • graceful degradation,
  • fallback modes,
  • isolation of failure domains,
  • controlled decoupling of dependencies.

While many infrastructures look “resilient” on paper, real incidents repeatedly expose hidden bottlenecks. Failures in identity platforms or networking layers often become single points of systemic outage.

 

2. Validation through simulation

Architecture alone does not create resilience. Resilience must be proven.

This is why leading organizations conduct No-IT simulations, which is full loss of digital capability—to expose the real dynamics of failure. Simulations routinely reveal:

  • hidden dependencies
  • flawed assumptions
  • behavioral and process gaps
  • infected or inaccessible backups
  • unclear decision-making authority

One executive described the shock when “immutable backups” turned out infected because ransomware had persisted unnoticed for months.

Deloitte highlights that organizations that regularly run crisis simulations, including cross-functional and immersive exercises, strengthen their crisis reflexes, improve preparedness, and enhance their ability to respond effectively when disruptions occur.

Similarly, analysis by SAFE Security shows that many large-scale breaches cause the most harm after the attack—during slow, fragmented recovery.

 

3. Governance through insight

Resilience is enterprise-owned. Effective governance requires:

• clear crisis structures and mandates

• cross-functional ownership

• alignment with business priorities

• coordinated engagement with critical third parties

McKinsey’s Resilience Imperative highlights that organizations with clear resilience governance structures outperform peers on both recovery and long-term growth.

Outdated or unclear governance structures cause immediate paralysis during real disruptions. Together, these capabilities form a resilience system that is learning, adaptive, and continually improved.

 

4. Measuring what matters

High-performing organizations treat resilience as measurable performance. Testing is not a compliance ritual; it is engineering feedback.

Core resilience KPIs include:

  • RTO (Recovery Time Objective)
  • RPO (Recovery Point Objective)
  • MTD (Maximum Tolerable Downtime)
  • RTF (Recovery Time to Function)

Each simulation becomes an insight engine.

Each incident becomes design input.

Each improvement strengthens the resilience operating model.

 

5. Governance and accountability

Governance must accelerate and not resilience. According to Deloitte’s 2024 Board Pulse Report, nearly half of European boards now track resilience metrics as core business indicators. Effective leadership ensures that governance structures accelerate recovery.  

Four principles stand out:

  1. Whole system in the room – Align internal and external stakeholders on risk, continuity, and recovery.
  2. Operational risk across functions – Map processes, dependencies, and single points of failure.
  3. Risk tolerance & financial framing – Balance cost, acceptable risk, and business continuity.
  4. Organizing & testing for continuity – Embed practice, measurement, and governance into daily operations.

Recent outages, including cloud identity disruptions, highlight that redundancy is an illusion when entire architectures depend on a single external control plane.

Organizations that recover first protect market share, sustain trust, and often outperform slower peers long after recovery.

 

Resilience is a continually engineered capability.  

Operational resilience is not a project but a discipline. It must evolve with every outage, every simulation, every societal shock, and every technological shift.

Digital resilience is not an IT topic.

It is the strategic, human, and architectural capability to continue functioning—even when everything fails.  

“Resilience ensures we can recover. Adaptability ensures we can evolve. And operational resilience ensures we can continue serving society when it matters most.”

Read more