Organizational Resilience

for 2026

Independent research examining how 502 resilience leaders across BC, CM, IT DR, and InfoSec are pursuing resilience for their organizations in 2026.

Research Completed • Findings Now Available

Why Organizational Resilience Matters

DPM is excited to share it’s first project in partnership with the Disaster Recovery Journal (DRJ) and its BC/DR community.

DPM conducted a quantitative survey in the summer of 2025 to measure the priorities and sentiments towards Organizational Resilience. The results include insights from 502 leaders whose areas of responsibility cover at least one of the following for their organizations:

IT Operations and Disaster Recovery (DR)
Business Continuity (BC)
Crisis or Emergency Management (CM)
Risk Management (RM)
Cybersecurity & InfoSec (IS)

The respondents included a balance of smaller organizations and large enterprises, with good representation from both technical and business leaders across the disciplines listed above in US and Europe.

What Topics were covered

The survey assessed how or whether data-centric resilience, cyber-preparedness, and IT disaster recovery align within broader organizational resilience initiatives and methods, including:

Areas of influence and experience related to Resilience
Hierarchy and RACI responsibilities for their organization’s Resilience
IT DR SLAs and frequencies of planning, testing, and confidence
BC sponsorship and engagement across organizational leadership
Top challenges and accelerators to organizational resilience
Most frequent and most impactful disruptions experienced

Concerns and priority shifts among executive stakeholders
How certification affects resilience strategies and implementations
Where third parties fit within resilience strategies
Overall confidence in resilience
Budgetary changes for resilience initiatives for 2026

What key themes emerged

Detailed findings are available to DPM clients and webinar attendees on the following:

Only 59% of key business processes are resilient, reflecting persistent gaps between recovery expectations and what organizations actually test.
Cyber preparedness remains least integrated across the BC/DR continuum, driven by siloed ownership and limited shared experience across BC, IT DR, and InfoSec.
Third‑party dependency is the leading disruption driver, yet most organizations exclude suppliers from business continuity and disaster recovery planning.
Resilience investment is rising faster than IT spending, but senior leadership support and cross‑functional alignment drive the greatest improvement.
Most organizations are embracing managed services as part of their resilience strategy, with BaaS being most common, followed by various Cyber & DR services.

These insights provide context for how resilience strategies are evolving beyond purely technical conversations — with several actionable insights as takeaways for improvement.

how you Can utilize the findings

DPM annual service subscribers have access to portions of the OR26 data and usage rights to author their own content utilizing the OR26 data. DPM can also write custom written or event content from the OR26 data that aligns to your go-to-market goals. Else, DPM is hosting a dedicated webinar reviewing:

Core findings and enterprise sentiment trends
Budget and ownership patterns entering 2026
Strategic implications for resilience leaders
Live discussion and audience Q&A

This content is designed for IT leaders, security professionals, MSPs, vendors, and enterprise stakeholders seeking independent insight into organizational preparedness.

Available now

Research Fieldwork Completed: 2025
Research Publicly Debuted: DRJ Fall 2025 in Sept 2025
1st Forbes article based on OR26 insights: Dec 2025

Stop Equating ‘Cyber Resilience’ With Ransomware Remediation

[Read article →]
2nd Forbes article based on OR26 insights: January 2026

Why Your Organization Is Not As Resilient As You Believe

[Read article →]
OR26 Webinar: March 2026

Register for the OR26 Webinar
On-Demand webinar: Available in April 2026

where OR26 was Presented

The research publicly debuted in September 2025 as a breakout session at DRJ Fall 2025 in Dallas, Texas – with secondary content through articles in Disaster Recovery Journal and elsewhere.

Data is usable by DPM annual service subscribers or by separate license.

TO LEARN MORE about this research and its insights — contact us.

About Data Protection Matters

Data Protection Matters (DPM) delivers independent research and insight on backup, disaster recovery, and cyber resilience.

Led by industry analyst and speaker Jason Buffington, DPM helps vendors and service providers understand how organizations actually plan, buy, and operationalize resilience.