The Human Core of Resilience

BCI’s Horizon Scan Report 2025 reveals a widening gap between lived disruptions and future risk perceptions—showing why people, not technology, will determine organizational survival.

The discussion of risk and resilience, as detailed in the BCI Horizon Scan Report 2025, centers on a complex and evolving threat landscape, the criticality of human factors, and the frameworks organizations use to manage disruptions.

Defining Resilience and the Risk Landscape

Resilience refers to how organizations perceive, prepare for, and respond to disruptions, encompassing various aspects such as the focus on staff capacity and well-being, and the adoption of new technologies. A central finding of the report is that resilience is ultimately a human story, defined by the well-being, confidence, and capability of individuals and how organizations perform under pressure. It is emphasized that resilience cannot be automated; rather, it must be lived, tested, and continually refined through human interaction.

The operating environment presents a complexity of risks ranging from digital challenges, such as cyberattacks and AI, to environmental hazards and geopolitical shifts. Risks are assessed by evaluating the estimated impact and frequency of various events.

The Evolving Risk Landscape

Recent Disruptions (Past 12 Months)

Analysis of disruptions over the past year shows a shift in the primary sources of operational difficulty:

• Human Factors as Highest Risk: Incidents concerning staff well-being have been the highest risk to organizations over the past twelve months. Safety incidents have consistently ranked at the top of the chart for the past five years (excluding one year when fraud ranked first). The overall risk index for a Safety incident (14.64) stands out, largely due to its frequency.

• Dominance of Natural Hazards: Extreme weather events are identified as the single largest cause of disruption over the past 12 months for the first time since 2017 (13.3%). This trend aligns with major global events, demonstrating how natural hazards have become secondary only to digital threats in the top five causes of disruption.

• Digital and Operational Threats: Despite the rise of environmental concerns, Cyberattacks and Fraud/attempted fraud remain high-ranking cumulative disruptions.

Future Risk Perception and the Disconnect

Practitioners perceive the future threat landscape as a complex combination of digital challenges, climate risk, and geopolitical uncertainty.

• Near-Term Concerns (Next 12 Months): Cyberattacks top the risk index assessment for the next 12 months, indicating they remain the greatest concern despite other events causing more impact over the entire preceding year. Extreme weather events, IT and telecom outages, and Data breaches follow closely.

• Long-Term Concerns (5-10 Years): Cybersecurity (63.6%) is the dominant long-term concern. Climate risk is second (40.7%). The role of AI (30.5%) is cited as a clear concern for the first time, recognized as both an enabler and a new source of exposure.

• The Disconnect: A significant finding is the disconnect between recent disruptions and future risk perception. Health and safety issues, which have been the most recurring challenge since 2020, do not figure prominently in the charts detailing future risk concerns, suggesting they might be slipping under the radar.

Consequences of Disruptions and Human Resilience

Disruptions have a broad impact on organizations, not just affecting operations, but profoundly impacting people.

• Staff Morale: Negative impacts on staff morale, wellbeing, and mental health are a common consequence of disruption (35.8%). The strain of internal expectations remaining the same during disruptions can lead to increased stress and potential mental health issues among the workforce.

• Operational Strain: The most common consequence is customer complaints received (43.2%), followed by loss of productivity (41.9%) and impaired service outcomes (33.1%).

To counter these impacts, organizations are reminded of the value of human resources, emphasizing that organizations must protect their most vital asset: their people. This necessitates attention toward health and safety, which has grown over the past five years.

Strengthening Organizational Resilience

Organizations utilize several techniques and frameworks to strengthen resilience:

• ISO 22301 as a Framework: The ISO 22301 standard serves as the dominant framework for formal business continuity management (BCM) programmes. Most organizations (59.2%) use the standard as a framework without seeking formal certification. Certification, when pursued, significantly increases organizational resilience (80.8%) and demonstrates the effectiveness of the BCM programme to external stakeholders (76.9%).

• Trend Analysis and Horizon Scanning: Trend analysis remains a vital tool for evaluating risks. Practitioners combine internal risk and threat assessments (87.2%) with external reports/industry insight (75.2%) to understand the threat landscape. Despite the growth of new technology like AI, the top tools used for analysis still rely heavily on human inputs, such as collaboration with peers and participation in industry events.

• Agnostic Planning: There is a growing discussion around agnostic planning, where practitioners focus attention on internal resources and vulnerabilities and their capabilities to respond, rather than trying to plan for every specific threat scenario.

• Investment: In 2026, most organizations plan to either maintain investment at appropriate levels (43.1%) or increase investment to meet growing programme needs (19.8%).

The complexity of the current threat environment, blending physical and digital challenges, requires continuous monitoring, rapid incident response, and contingency planning to maintain continuity. The continuous evolution of the threat landscape means defenses must constantly rise just to "stand still".