Leaders must coordinate with other organizations in their ecosystem to prevent and respond to cyber risk.
When a CrowdStrike patch inadvertently disrupted Windows endpoints worldwide in 2024, even well-prepared companies were impacted. Yet while many companies struggled to get back online, some were able to recover surprisingly quickly.
The difference came down to how quickly leaders could understand the scope and risk, validate mitigation steps, and align communications. For example, within an hour of the disruption, members of the Business Resilience Council were sharing what they were seeing in a cross-sector chat. Later that day, those practitioners were collaborating on a call. Soon after, CrowdStrike’s CEO briefed over one thousand companies in the BRC’s trusted forum. The only way to consistently reach that level of speed and candor is through pre-wired relationships, secure channels, and rehearsed playbooks. That’s what we call “collective resilience.”
This idea builds on operational resilience, which is an organization’s ability to keep its important services running during a disruption by meeting minimum viable service levels (MVSLs) while full recovery proceeds in parallel. Collective resilience, by contrast, is the ability of multiple organizations to coordinate so that services to customers continue, even in an impaired state, across shared providers, partners, and platforms. Companies need to put this idea into action by building shared communication channels and playbooks with their most important third parties, defining minimum service levels for critical services, and rehearsing impaired delivery together before the next disruption forces the issue.
Rethinking Resilience
For the past 20 years, leaders have thought about cybersecurity almost entirely in the context of their firm alone. They focused on investing in systems that would keep their company running in the event of an attack, and assumed cybersecurity meant protecting their information and their processes from malicious actors. Unfortunately, this perspective has reached its limits. Firms do not operate in a vacuum; they operate in an interconnected ecosystem, and that ecosystem must become resilient.
“Two decades of outsourcing have turned once-homogeneous environments into interdependent systems-of-systems, stitched together by shared third parties and platforms,” says David LaFalce, Chair, Business Resilience Council. In today’s interconnected ecosystem, treating incidents and continuity as primarily internal events no longer works. Many of the most consequential failure modes sit outside any one company’s direct control. The current reality is that organizations must defend together and coordinate at speed to prevent systemic impacts. Security depends on sharing the right information quickly in trusted communities so teams can validate signals and coordinate effective mitigations. Resilience means not only keeping services running for your company, but also enabling customers and partners to keep functioning, even if in a degraded state, to limit the blast radius of failures and prevent systemic disruption.
A practical path exists from firm-level readiness to ecosystem-level resilience. The case study that follows shows how quickly a disruption becomes a multi-party event. From there, the discussion focuses on three shifts leaders can drive: from protection to coordination, internal continuity to service continuity, and third-party risk management to co-resilience. The final section provides actions leaders can implement this quarter.
Case Study: The ACH Electronic Payments System
To see why collective resilience matters, consider what happens when a shared service is impaired. In the spring of 2024, the BRC hosted a community tabletop exercise to test financial institutions’ resilience during a large-scale disruption of the Automated Clearing House network, which processes U.S. electronic payments such as payroll direct deposits, Social Security benefits, and tax refunds. In 2024, ACH processed over 33 billion payments valued at $86 trillion. The exercise included hundreds of banks, credit unions, and core processors across a wide range of sizes.
The scenario was designed to stress both service continuity and supply-chain dependencies. Day 1 began with ACH systems becoming inaccessible and national news reporting widespread outages. The scenario escalated to destructive wiperware erasing ACH systems and backups. On Day 2, it became clear that hundreds of financial institutions and a major payroll processor could not process ACH transactions and 20% of payments were failing. By Day 5, further compounding events included data exfiltration, a disinformation campaign, and a DDoS attack that affected customer access to online banking.
A sustained impairment to ACH becomes a household and cross-industry problem quickly because payroll, benefits, refunds, and supplier payments depend on it. The exercise was explicitly built to explore systemic effects, third-party dependencies, customer confidence, and secondary attacks.
Four key lessons emerged from this exercise:
Shared-provider assumptions break in a crisis. Many institutions expected core processors to handle processing volume and manage backlogs during a sustained disruption, while core processors indicated they could not meet obligations.
Lack of visibility delays action. Nearly half the respondents lacked tools to measure the level of impairment in ACH systems, delaying detection and decisions about prioritization and shifting to degraded service models.
Third parties may be unable or unwilling to render aid. In sector-wide events, shared providers can be overwhelmed or disrupted themselves and may be reluctant to reestablish connections with partners. Exercising with critical third parties exposes those expectation gaps and drives adoption of operational resilience practices to better achieve MVSLs.
Communications and misinformation management are resilience controls. Key concerns included unified communications to regulators, customers, vendors, and the public, plus explicit planning to counter misinformation that can trigger panic and secondary shocks.
These gaps only become visible in a multi-party drill with vendors and customers at the table. The exercise reinforced that coordination with third parties and peers is a necessary resilience control process, and that resilience expectations must be validated through preparation and joint testing.
The case study illustrates the interconnected impact of ecosystem disruptions, where resilience comes from preparation and speed of coordination drives outcomes. The next sections translate that lesson into three practical transformations leaders can implement in both their organization and their ecosystem.
From Protection to Coordination
Protection still matters, and leaders must make sure they have the right safeguards in place. But in ecosystem-wide incidents, successfully managing time-to-coordination often determines who keeps operating. The organizations that move fastest and most successfully already have:
Escalation paths and working relationships with named executives at key vendors.
Secure, tested multi-party channels for rapid information sharing.
Rehearsed workflows for how critical information and mitigations flow inside the company and across the ecosystem.
In recent multi-industry events, from widely exploited third-party tools to major cloud service outages at Google and AWS, the differentiator was not a new security control. It was pre-established trust and live collaboration that compressed the time from detection to decision to resumption.
Actionable Insight: Pull important vendors inside your response loop before you need them by establishing a secure coordination channel, naming contacts, and rehearsing how critical information and fixes will flow under time pressure.
From Internal Continuity to Service Continuity
Traditional business continuity plans ask, “How do we recover our business?” In contrast, operational resilience at the firm level asks, “How do we keep delivering important services to our customers through a crisis?” Answering that requires a service-first view: Identify which services your customers depend on, define an MVSL for each, and design how you will operate in an impaired but acceptable state. The BRC created an Operational Resilience Framework that provides a seven-step path leaders can adopt to answer these questions. When critical vendors and suppliers apply the same practices, the result is ecosystem resilience that minimizes systemic impact and consumer harm.
Actionable Insight: Prioritize your customer segments and define MVSLs for each key service. Establish Service Delivery Objectives (SDOs) that specify how quickly you will reach your target impaired state. Then build methods to detect early signs of impairment, and test failovers to reach target impaired states predictably.
From Third-Party Risk Management to Collective Resilience
Third-party risk becomes systemic when expectations and capabilities don’t match. As the ACH disruption exercise showed, many banks assumed shared providers could carry transaction volume during a crisis when, in reality, they could not. Nearly half the participants in that exercise also lacked tools to measure service impairment in real time. These are classic sources of systemic surprise and can only be avoided by preparing and practicing resilience together with critical vendors.
Actionable Insight: Convert third-party risk management into co-resilience by aligning contracts to MVSL/SDO outcomes and participating in cross-sector, vendor-in-the-loop exercises so recovery options are proven in practice.
What Leaders Can Do Today
Identify must-have services. Name three services your organization must keep alive to prevent customer harm.
For each, prioritize customer groups and define the MVSL that prevents downstream disruption. Define the objectives and mechanisms to reach that impaired state during a crisis and build redundancies to remove single points of failure.
Monitor for impairment. Don’t let customer complaints be your first alert. Instrument each service and set thresholds that trigger fallbacks to pre-defined impaired modes, so the highest-priority transactions continue to be processed during the disruptive event.
Pre-wire vendor engagement for collective resilience. Establish escalation contacts, secure communication channels, and contractual resilience obligations with critical vendors. Plan for sector-wide outages and clarify in advance how your organization will be prioritized among peers when a shared provider is in trouble.
Practice operating in the impaired state before those configurations are actually needed. Once minimum service levels are defined, engineer the target impaired-state configurations so your highest-priority flows continue during a crisis. Practice shifting from full-service to impaired service and back again. Ensure the MVSLs are achievable and meet customer needs. Repeated drills will shorten the transition time between impaired states and full resumption and build confidence in recovery playbooks.
Use centralized exercises. One-to-one customer tests don’t scale when a vendor serves thousands. Participating in centralized exercises is how organizations move from firm-level operational resilience to ecosystem-level collective resilience. Ensure critical providers actively share information in trusted communities and participate in sector-wide and cross-sector exercises. This will surface mismatched assumptions and strengthen joint resilience before issues become systemic.
With a collective resilience mindset, a clear plan to keep both your organization and its ecosystem operational during an incident, and a habit of practicing the shift from normal operations to minimal service delivery, your organization will be prepared to weather the crisis. The alternative is far less appealing.
