Disaster Recovery Journal Spring 2026

What To Do About It Those are some data points to show how cyber resilience is not as intrinsically integrated into an organization’s overall business resilience, relative to many of the traditional business continuity or IT disas ter recovery initiatives. As BC/DR profes sionals, ask yourself and your teams to assess your circumstances, compared with the figures above: 1) Where are you and your team in the “RACI” of cyber resilience initiatives? Are you responsible or accountable for any of the supporting functions? Are you consulted on strategy and execution alignment? Are you informed ? Are you completely out of the loop? 2) When considering your interactions with senior leadership related to resilience initiatives, what would you estimate their year-to-year change in interest is related to cyber security? Accordingly, are they spending any less time considering the resilience of other business processes, third-party providers, or governance/ compliance? v

FIGURE 3 – Engagement with leadership regarding organizational resilience.

asked about their engagement with a vari ety of senior leadership roles as shown in Figure 3. The good news, roughly 80% of resilience professionals are either “well engaged” or have “regular awareness” interactions with both business stakehold ers and IT leaders. That said, the amount of engagement declines when seeking sup port from senior leadership or the C-Suite and significantly declines when attempt ing to interact with the board. Of course, not all senior leadership/

board topics are equal. When asked about the year-to-year interests and prioritiza tion of resilience topics within senior leadership, respondents noted concerns of cyber security are gaining a disproportion ate amount of increased interest by senior leaders. That said, with a finite amount of time and focus for resilience by senior leaders, the survey reveals relatively less prioritization of business process resil ience, dependencies on third parties, and governance/compliance.

Jason Buffington has more than 35 years of experience in the IT disaster recovery space, been a CBCP since 2003, spoken at hundreds of DR and IT events, and pub lished in numerous periodicals and blog

sites. He is the founder of Data Protection Matters, an independent research and analyst firm focused on data protection, cyber resilience, BaaS & DRaaS, and BC/DR. Buffington is active in the BCI AI-SIG and the ACP. Outside of BC/DR, he is an executive coach and an active volun teer leader in Scouting America; “Be Prepared” is their motto too. For more on the research topics and methodol ogy, please visit https://DataProtectionMatters.com/OR26.

24 DISASTER RECOVERY JOURNAL | SPRING 2026