
Operational Resilience in 2025 and Beyond: Surviving Digital Fallout

Operational resilience is critical for businesses in 2025 and beyond as they face increasing digital threats. Compliance with regulations like DORA and integrating resilience into risk management strategies are essential for surviving digital fallout and ensuring the continuity of business operations.

Operational resilience has become critical for businesses in 2025 and beyond, as the world becomes increasingly digital and disruptions are on the rise. Cyberattacks, natural disasters, supply chain failures, and regulatory shifts can throw businesses off course, making the ability to adapt and recover essential. A Finextra impact study, produced in association with Cockroach Labs, explored the best-in-class strategies firms have adopted to achieve operational resilience, highlighting that companies should go beyond mere compliance and exploit regulations as a business opportunity to stimulate productivity, increase competitiveness, and reduce costs.

The European Union has implemented the Digital Operational Resilience Act (DORA), which became fully enforceable on January 17, 2025, to enhance the resilience of financial institutions against digital threats. DORA mandates harmonized standards for ICT risk management, cyber resilience testing, incident reporting, and third-party risk oversight. The act aims to harmonize digital operational resilience requirements across all EU financial entities, providing a safer financial ecosystem for businesses and their customers. Firms must implement strict measures to identify, manage, and report risks, including those stemming from third-party providers.

Compliance with DORA is not just a regulatory requirement but also a business opportunity to stimulate productivity, increase competitiveness, and reduce costs. Companies that go beyond mere compliance and integrate resilience into their risk management strategies are better equipped to withstand disruptions and ensure the continuity of business operations. This includes developing a flexible and adaptable workforce, implementing cloud-based phone systems, and ensuring secure VPN access for remote work.

In addition to DORA, organizations certified under ISO/IEC 27001 must transition to the 2022 revision of the standard by October 31, 2025. The revision places a stronger emphasis on operational resilience through enhanced information security controls, integrated business continuity planning, and broader risk and threat response strategies. UK financial services firms also need to comply with new requirements on operational resilience by March 31, 2025, which require them to have tested their ability to remain within their set impact tolerances through realistic and challenging scenario testing.

To achieve operational resilience, organizations must focus on building a business that can keep running no matter what. This involves designing systems and processes to handle disruptions without breaking down, rather than merely reacting to emergencies. Key strategies include streamlining incident reporting processes, conducting regular testing, and enhancing communication with stakeholders. Additionally, companies should invest in training and awareness for staff on legal requirements and the importance of cybersecurity and operational resilience. Leveraging technology solutions to manage and monitor ICT risks effectively is also crucial.

In conclusion, operational resilience is essential for businesses in 2025 and beyond. By integrating resilience into their risk management strategies and complying with regulations like DORA, organizations can survive digital fallout and ensure the continuity of business operations.
