AI, regulations, and leadership: A year in resilience explored
The BCI is pleased to launch its A Year in the World of Resilience 2024 Report, sponsored by Riskonnect. Returning for its second year, this report pulls together key themes emerging from the resilience sector throughout the past twelve months and examines practitioners’ concerns for the year ahead.
Regulations, geopolitical tensions, and weather-related disruption were 2024’s top challenges
Practitioners have faced significant challenges this year. As well as the more traditional concerns of cyber-attacks and loss of technology, impending implementation of regulations such as DORA and NIS2, escalating geopolitical tensions from ongoing conflicts and a record number of elections, as well as severe weather events like floods, wildfires, and storms have posed the most pressing concerns and response activations for the resilience sector over the past twelve months.
A shifting perspective on AI: practitioners make decisions
As per 2023’s report, AI reliability and security remains a prominent concern for practitioners. However, changes are beginning to emerge. This year’s research shows that decisions are starting to be made as more practitioners’ class AI as either a resilience enabler or a disabler. Despite this, many feel that a wait and see approach to the implementation of AI is the way forward. This is a trend that we expect to see developing in 2025 as more information, practical capability examples from peers, and desired legislation, begin to emerge.
Senior leadership boost their involvement and practitioners form resilience umbrellas
An encouraging trend this year is senior leadership playing an increasingly involved role in championing resilience programmes. Cyber resilience, particularly AI integration, is their primary focus, followed closely by regulatory compliance. This involvement is positive news as leadership is best positioned to lead an organization’s resilience strategy and enable resources in critical areas, but research indicates their level of involvement varies. Regulatory compliance, crisis management, and new technology decisions fall under more direct management, whereas strategic oversight is more likely with business continuity, cyber resilience and operational resilience streams. Alongside this trend, BC and resilience practitioners have increased collaboration and coordination with most departments indicating the formation of a ‘resilience umbrella’ in some organizations. Areas/departments where practitioners keep an especially close relationship with are enterprise risk and cyber security.
A push towards modernising business impact assessments
This year most organizations have remained generally happy with their BIA process and although there have been a few changes in technology use over the past twelve months, many expect to explore, or have already started to incorporate, new technology from third party providers. However, one aspect remains out of bounds for most: AI is currently considered too risky to use in a BIA by most, particularly regarding security issues surrounding inputting sensitive company data. Despite this early reticence, many practitioners would consider incorporating AI into the process going forward, indicating interest in its future capabilities.
Budget forecasting: Cyber and operational resilience are key areas for investment in 2025
Looking ahead to 2025, uncertainty over economic pressures means that most expect budgets to remain stable, however a considerable percentage of practitioners expect a healthier budget in 2025, to address ever present cyber resilience risks and increase operational resilience efforts due to increased regulatory pressures.
A Year in the World of Resilience Report 2024 covers the above and analyses the year’s events in greater depth. We extend our thanks to Riskonnect for their generous sponsorship of 2024’s final report.
Rachael Elliott, Knowledge Strategist at the BCI, commented
“With cyber security topping the list throughout the year in terms of organizational priority, it is interesting that regulatory concerns have come to the fore at the end of the year. The nearness of 2025 will undoubtedly be causing concerns for some financial services organizations in the EU, the UK, and Australia as deadlines approach for implementing operational resilience. For other organizations, additional regulations and guidelines – such as climate targets, NIS2, and AI legislation – will be at the forefront of management teams’ minds. Looking forward to 2025, the findings of this report suggest organizations will take a more risk-based approach to resilience to ensure they can thrive in a complicated and unpredictable risk landscape, while the onboarding of new technologies to transform resilience practices – such as AI – will require organizations to set out new controls and procedures.”
John Verdi – Senior Director, Professional Services at Riskonnect said: “Riskonnect, is honoured to sponsor The BCI’s ‘A Year in the World of Resilience: 2024’. This informative report contains insightful research and findings on the topic of resilience and the significant challenges we have faced this year.
I hope that you enjoy reading this report and that it will provide you with the necessary information and actionable ideas that will empower you to take control of your resilience capabilities next year and beyond.”
More on
About the author
Rebecca Mathews
The BCI
