Why Care about Technology Risks and Building Resilience?

This is the first post in a two-part series exploring the benefits of technology resilience. It defines technology resilience and describes its value to organizations. A subsequent post describes aspects of technology resilience and outline steps to implement a technology resilience program.

Technology resilience remains a new idea for some organizations. Even those who are familiar with its principles may have trouble articulating the benefit of strengthening their technology resilience, which can become a problem when it impedes leaders from making the case for core funding and executive sponsorship.

Technology resilience: what it is; what it isn’t

Technology resilience is one component of a strong business continuity and resilience program, including crisis management, disaster recovery and business resumption. It encompasses the practices, tools and processes that will ensure minimum acceptable levels of service — even in the presence of a disruptive event. Technology resilience seeks to reduce manual efforts associated with effecting a return to business as usual.

The concept of technology resilience is tangential to the notion of recovery, but recovery is different. Recovery is concerned with ensuring systems can be rapidly restored after disruption.

The difference between technology resilience and technology recovery is further highlighted by the architectural features that underlie each practice. Technology resilience is supported via architectural features like real-time or near-real-time replication of data, load balancing and distribution of workloads across fault domains, among others. Resilient architecture includes automation to scale up or avoid issues within any fault domain.

Without resiliency in mind — where technology architecture focuses on recovery goals only — system instances may not be entirely isolated. They may depend on a particular site. Data might be replicated, but with recovery time objectives measured in hours — not minutes. With only recovery in mind, application architectures feature numerous stateful components; automations are designed for migrating resources that survive an attack, or for recovering resources from backups, a time-consuming process.

Smart reasons to sponsor and fund technology resilience programs

When businesses successfully implement technology resilience, they achieve a wide range of benefits. Leaders who would build technology resilience, either with external help or by drawing on the skills of their own people, may want to take note of these benefits as they make the case for the funding and sponsorship that technology resilience programs will require.


  • Preventing disruptions, data breaches and operational losses results in cost savings that quickly balance the technology resilience programs’ initial costs.
  • By minimizing disruption, technology resilience practices circumvent the reputational damage and erosion of stakeholder trust that technology failures incur.
  • Customers, partners, investors and other stakeholders are more likely to trust and engage with businesses that prioritize reliable and resilient systems, giving those with robust technology resilience a clear competitive advantage.
  • Stakeholders — whether investors, customers, partners or employees — favor organizations that are resilient. This stakeholder confidence leads to stronger relationships and opens the organization to increased opportunity.
  • Technology resilience facilitates innovation: when a business is confident in its resilience, it can explore opportunities for innovation and growth from a position of strength.
  • Organizations that are technology-resilient are also better at strategic planning, as the program encourages a more proactive approach to risk management. These organizations are planning for disruption and have established guidelines to mitigate its effects.


  • Mature technology resilience programs ensure business operations continue even during disruption. As such, these programs support operational resilience, avoiding downtime that interrupts revenue generation.
  • Technology resilience practices help businesses manage risk by anticipating and planning for cyber threats and system failures that lead to potential data breaches, financial loss, reputational damage and more.
  • A well-developed technology resilience program ensures compliance with regulatory requirements and guidelines in various jurisdictions which mandate data protection, data privacy and other business continuity capabilities.
  • A technology resilience program enables rapid adaptation and response to constantly evolving technologies and threats — while maintaining stable operations.
  • Through early identification of risks to critical systems, technology resilience focuses on securing and maintaining those systems, resulting in more effective management of resources.
  • Employee productivity and management’s ability to make decisions must be supported by robust technology resilience, since staff will be less likely to be affected by unplanned downtime and other disruptions.
  • Technology resilience programs foster a culture of preparedness, so businesses are better positioned to avoid risks with far-reaching consequences for their operations, finances, customer satisfaction and brand reputation. These programs protect organizational interests and help build competitive advantage over time.

While technology resilience is still a new idea for some organizations, the benefits described here make the case for building a program whose benefits quickly outpace the costs. In our next post in this series, we describe the aspects underlying successful technology resilience programs, and outline an approach to successful program development and operation.

To learn more about our technology resilience solutions, contact us or download our Guide to Business Continuity and Resilience and refer to Achieving Resilience Starts at the Top.

Damon Owen

Managing Director
Technology Risk and Resilience

Dave Cozzens

Associate Director
Technology Risk and Resilience

Subscribe to Topics

Protiviti’s Patrick Gilgour discusses how IT leaders should establish proactive and collaborative partnerships, while also touching on the importance of ongoing monitoring of key partnership metrics. https://ow.ly/YyBE50QHZZe #ProtivitiTech #CIO

NIST released version 2.0 of its Cybersecurity Framework this week. Find out how the updated framework expands its core guidance to help organizations of any size and sector manage and reduce their cybersecurity risks. https://ow.ly/CPUC50QJpoG #ProtivitiTech #Cybersecurity

NIST released version 2.0 of its Cybersecurity Framework this week. Find out how the updated framework expands its core guidance to help organizations of any size and sector manage and reduce their cybersecurity risks. https://ow.ly/CPUC50QJpoG #ProtivitiTech #Cybersecurity

“Privacy practitioners need to stay really in lockstep with what’s happening from an emerging perspective and be able to respond quickly,” says Sameer Ansari on approaching #Privacy training amid rapidly emerging technology. https://ow.ly/ZBBC50QI0tr #ProtivitiTech

Research out of Protiviti and the London School Economics finds that the productivity of Gen Z and millennial workers is affected, in part, due to the friction with older managers. Learn more: https://ow.ly/V68C50QHj14 #Protiviti #Generations

Load More