Highlights from the Operational & Organisational Resilience Conference 2025

Highlights from the Operational & Organisational Resilience Conference 2025

Last week, we were proud to exhibit at the Financial Services Operational & Organisational Resilience Conference 2025, hosted by Global Insight Conferences in central London. This year’s event brought together the top operational resilience leaders in financial services for a day dedicated entirely to the future of operational resilience - exploring how firms can achieve stability, security, and business continuity amidst emerging threats and evolving regulatory expectations.

Watch our video to catch Raj and Ryan’s key takeaways from the conference.

Watch Now

 

1. From Compliance to Culture

Meeting deadlines like the March 2025 operational resilience milestone or DORA was framed as just the baseline. True resilience requires a cultural shift - embedding resilience into behaviours, decision-making, governance, and strategy.

This means:

  • Shared ownership of resilience across every level of the organisation.

  • Awareness and training so resilience is understood beyond risk and continuity teams.

  • Accountability and incentives that make resilience part of “how we work,” not just “what risk does.”

Resilience isn’t a compliance project. It’s a cultural change programme.

 

2. Tougher Scenario Testing, Including Third-Party Dependencies

Scenario testing was a hot topic, with speakers urging firms to push beyond single-point failures and internal risks. The real test lies in modelling:

  • Cascading failures across supply chains and systemic enablers.

  • Multi-layered disruptions that impact multiple services at once.

  • Evidence-based testing, not just SME judgement.

  • Balance of quality and quantity - focusing on actionable outputs without exhausting stakeholders.

How far past impact tolerances should we push? Could mass scenario testing be automated, leaving high-value tests for targeted threats? And are firms truly using outputs to inform future decision-making?

 

3. Aligning Global Regulations

The global regulatory landscape is converging in principle but diverging in practice. Between UK requirements, DORA, and other frameworks, firms face overlapping, sometimes conflicting obligations.

Key takeaways:

  • Post-deadline reflection is now essential: lessons learned, remediation, and proof of resilience.

  • Regulators want more incident reporting, metrics, and tangible evidence of operational strength.

  • Harmonisation can help with efficiency, but localisation is unavoidable.

     

4. Cyber, Cloud, AI Risks & Opportunities

Technology risks were front and centre:

  • Cloud: brings scale and efficiency but raises questions of data sovereignty, systemic concentration, and shared infrastructure risks.

  • AI: can enhance resilience (automation, predictive analytics, anomaly detection) but also introduces new threats - model risk, bias, adversarial attacks, and opacity.

Most firms know their Important Business Services (IBS), but do they know their Minimum Viable Company (MVC) - the essential people, functions, and third parties needed to survive catastrophic disruption? Could AI help firms model this more effectively?

 

5. Horizon Scanning & Future Threats

Resilience leaders stressed the importance of looking beyond today’s risks:

  • Emerging risks: geopolitical stress, climate change, evolving tech, and systemic dependencies.

  • Third-party visibility: do firms really know their supply chain risks?

  • Data challenges: silos, inconsistent definitions, and weak governance limit insight.

  • Talent constraints: firms need cross-disciplinary skills spanning cyber, risk, and operations.

The challenge: balance rigorous testing and compliance with the practicalities of limited resources and day-to-day operational pressures.

 

6. Return on Resilience Investment (RoRI): The Elusive Metric

Perhaps the toughest question of the day: how do you measure the ROI of resilience, when success often looks like “nothing happened”?

Emerging approaches include:

  • Cost avoidance: quantifying disruption avoided.

  • Operational efficiency: faster recovery, smoother response.

  • Customer trust: maintaining service continuity in disruption.

  • Regulatory favourability: less scrutiny, fewer fines, smoother remediation.

"Who doesn’t want a resilient business?” Positioning resilience as the foundation of trust, adaptability, and long-term continuity helps shift the narrative from cost centre to strategic enabler.

 

Final Thoughts

The conference reinforced that the sector is entering a new phase of operational resilience. Compliance is necessary but not sufficient. Resilience must become embedded in culture, powered by smarter testing, aligned to a complex global regulatory landscape, and informed by a clear-eyed view of technology’s opportunities and risks.

As exhibitors, we were energised by the conversations and inspired by the sector’s collective ambition. At DCR, we’re helping firms turn these insights into action - from regulatory alignment and scenario testing to embedding resilience as a cultural and strategic advantage.

Contact us to find out more

See more...

ALL RESOURCES