A post by Sean Dubey and Simon Hodgkinson of BP on the Cyber Security Intelligence website (https://www.cybersecurityintelligence.com/blog/operational-resilience-more-than-disaster-recovery-6767.html) stresses that disaster recovery plans focusing on natural disasters are insufficient to deal with modern threats. Disaster recovery should be viewed in the context of a business' overall viability, including cyberattack protection, detection and response.
In contrast to disaster recovery, operational resilience includes business risk management, continuity, and third party supplier risk management. Instead of recovery, it seeks to keep business running during a disruption.
Operational resilience needs involvement of everyone from executives to individual employees. Businesses must understand that their suppliers, partners and vendors are also targets.
Organizations need to understand the impact of operational technology (OT) in a cyber incident. Understand the differences between IT and OT so a cyber attack does not shut down the entire operation.
Engineering and cyber departments have to collaborate and understand each other's perspectives.
By prioritizing the resilience of their identity systems, organizations can address the trhreat to operational resilience.