Operational resilience is the ability of an organisation to anticipate, prepare for, respond to, and adapt to incremental change and sudden disruptions in order to continue delivering critical business services. It goes beyond traditional business continuity planning by taking an end-to-end view of service delivery, including dependencies on third parties, technology, people, and processes.
Regulatory frameworks such as DORA (Digital Operational Resilience Act) for the financial sector and NIS2 for essential services have elevated operational resilience from a best practice to a legal requirement. Organisations must map their critical business services, set impact tolerances, conduct scenario testing, and demonstrate to regulators that they can remain within those tolerances even during severe but plausible disruption scenarios.