Disaster Recovery Journal Spring 2026

That said, 68% of survey respondents outside of InfoSec claimed “little to no” experience or exposure, reducing taxon omy and likely cross-functional empathy on how to partner on comprehensive resil ience. It should come as no surprise a sig nificant portion of any resilience education event – including DRJ spring and fall con ferences – boast a significant percentage of its curriculum covering ransomware, AI, or both. Is Cyber Resilience Reaching the C-Suite or Board? For many resilience professionals, a key challenge or inhibitor for them improving the resilience posture of their organization is the lack of support from senior manage ment. n One in four respondents identified “senior management support” as one of their top three challenges. n One in five cited “improved engagement with senior management” would be the single biggest accelerant to their organization’s resilience. Digging deeper, respondents were

FIGURE 1 – Respondents’ RAC across resilience initiatives.

For the purposes of this research, respondents were either engaged, informed, or “out of the loop.” As one might expect, nearly all respondents were engaged in business continuity and nearly the same in crisis management. However, as the resilience initiatives focused more on technologies, engagement gave way to informed or not included (see Figure 1). The art and science of organizational resilience requires expertise from a vari ety of fields, which often gives opportu nities for resilience professionals to gain exposure and expertise across a variety of resilience initiatives. For some, this results in career progression. For others, cross functional acumen enables better partner ing toward the greater goal of business resilience. This can be seen when respon dents from the survey were asked how many years of direct responsibility or rou tine interaction they had across five related disciplines, including the four resilience functions, as well as governance/compli ance (Figure 2). The chart does not tell the whole story. At face value, one could infer less experi ence in cybersecurity. Actually, informa

tion security professionals boasted more than 14 years in the field (equitable expe rience in their area of expertise).

FIGURE 2 – Years of experience in each resilience field, with respondents averaging 17.7 years in resilience roles.

22 DISASTER RECOVERY JOURNAL | SPRING 2026