Quarterly Resiliency Forecast-Winter 2025
Editor’s Note: For this year’s Looking Ahead Resiliency Forecast, I reached out to TRI’s Leadership Team & Advisory Board (Advisors), which comprises experienced security, risk, and resilience professionals, to share their perspectives on the risks that organizations should closely monitor in the coming year. Our forecast below is a synthesis of their responses to five guiding questions. Together, their insights highlight emerging challenges on the horizon and, more importantly, provide practical steps organizations can take now to strengthen preparedness, continuity, and resilience.
1. What emerging risks do you see on the horizon for 2026 that organizations are not yet preparing for, but should be?
Advisors consistently identified reduced external support during disasters and disruptions as a growing risk. Organizations may increasingly be expected to operate with greater self-reliance, as external assistance, whether governmental, regional, or sector-based, may be more limited, delayed, or uncertain.
At the same time, vendor instability is emerging as a significant concern. Changes in global markets, operating costs, and supply chains may lead to vendors or service providers closing with little or no warning, leaving organizations exposed if they rely too heavily on single providers.
Additionally, Advisors emphasized the accelerating role of artificial intelligence in amplifying cyber risk. AI-enabled tools are significantly enhancing the ability of threat actors, often operating beyond the reach of law enforcement, to conduct highly effective social engineering campaigns, penetrate networks, and mask intrusion activity.
This risk is compounded by supply chain cyber dependencies, where an organization’s security posture is only as strong as that of its least-secure vendor. Complex, global supply chains are increasingly exposing organizations to indirect network intrusion through partners that lack mature detection and mitigation capabilities.
Finally, Advisors also highlighted the rise of state-aligned cyber and physical sabotage risks, particularly for organizations whose operations, partnerships, or supply chains intersect with geopolitical tensions. In this environment, companies may face threats not only because of where they operate, but because of how they are connected across borders.
Action Steps for Organizations:
Identify single points of failure in vendor and supplier relationships.
Develop contingency plans for sudden vendor disruption or loss, including alternative providers.
Treat cybersecurity as a shared responsibility within the supply chain, not an isolated internal function.
Conduct due diligence on vendors’ cyber detection and mitigation capabilities, and embed enforceable security requirements into contracts.
Assess organizational exposure to state-aligned cyber and infrastructure risks, including indirect dependencies.
2. Which current global trends are most likely to disrupt organizational continuity in the next 12 months?
Advisors cautioned against viewing geopolitical, technological, economic, climate, or social risks in isolation, noting that their convergence is what creates the greatest disruption.
Geopolitical dynamics are increasingly characterized by the erosion of long-standing norms and enforcement mechanisms, leading to increased uncertainty for organizations operating across borders or within allied ecosystems.
Technological advancements, particularly in AI, have expanded the capabilities of sophisticated actors while raising the bar for organizational defense, requiring greater investment in both technical systems and human expertise.
Economic pressures tied to supply chain concentration and shifting global trade conditions are forcing organizations to reassess cost structures, sourcing strategies, and workforce models.
Climate-related impacts are increasingly viewed through an operational lens, less as abstract future risks and more as predictable stressors affecting water availability, food systems, migration, and regional stability.
Social dynamics, including workforce mobility, skills shortages, and shifting societal expectations, introduce internal risks related to trust, cohesion, and the protection of sensitive information.
Disinformation and misinformation further complicate this landscape by distorting situational awareness during crises, undermining trust, and increasing the risk of delayed or misinformed decision-making.
Action Steps for Organizations:
Conduct scenario planning for technology outages, economic disruption, and prolonged operational stress.
Stress-test continuity plans against compound and overlapping risks.
Ensure leadership teams understand how global trends translate into local operational impacts.
Identify, document, and regularly validate a set of trusted information sources, including sector authorities, operational partners, and primary data providers, to inform decision-making and communication during disruptions.
3. What practical steps should organizations take right now to strengthen resilience against emerging risks?
Advisors emphasized that resilience must be integrated into core business decision-making, rather than being treated as a parallel function. This includes evaluating geopolitical, cyber, societal, and environmental risks alongside financial considerations when making investments, entering new markets, or restructuring operations.
A critical and less mature area identified is workforce-related risk, particularly where access to sensitive systems, intellectual property, or critical technology is involved. Effective mitigation requires coordinated involvement across security, HR, legal, and executive leadership to ensure hiring, access controls, and monitoring processes are robust, consistent, and legally sound.
Importantly, Advisors noted that organizations can mitigate these risks by applying uniformly high standards for access and protection across roles, rather than relying on differentiated or reactive measures.
Action Steps for Organizations:
Incorporate geopolitical, cyber, workforce, and environmental risk analysis into business investment decisions.
Apply consistent, high standards for access to critical systems and information across the workforce.
Ensure risk mitigation planning involves cross-functional leadership, not just security teams.
4. Where are the most significant gaps in preparedness, and how can leaders close them?
Two recurring gaps emerged:
Staffing and capacity constraints limit the ability to engage in meaningful preparedness activities.
A disconnect between leadership and frontline staff, where planning and training occur in silos rather than as an integrated effort.
Notably, Advisors stated that the most significant preparedness gap identified is the lack of executive prioritization. Advisors observed that while leadership teams devote substantial time to financial, legal, and transactional risk, strategic risks to continuity of operations often receive minimal attention until they materialize.
This imbalance creates a false sense of security, despite the reality that disruptive events ultimately impact quarterly financial performance, shareholder value, and organizational reputation. Advisors stressed that leaders should evaluate continuity risks with the same rigor applied to mergers, acquisitions, and major investments.
Action Steps for Organizations:
Ensure preparedness, continuity, and risk management activities are explicitly aligned with core operational and business objectives, so risk analysis informs priorities, resource allocation, and decision-making.
Evaluate continuity risks based on their potential impact on financial reporting and operations.
Align leadership and operational teams through joint exercises, training, or cross-facilitated discussions.
5. What is one piece of advice organizations should follow to enhance crisis readiness in the coming year?
Advisors strongly recommended institutionalizing executive-level “what if” scenario planning. Regularly exercising plausible risk scenarios enables leaders to identify gaps, clarify decision-making roles, and build confidence before a crisis occurs. Making this a formal expectation, embedded in leadership accountability structures, signals that resilience is a strategic priority, not a discretionary activity.
Action Steps for Organizations
Conduct annual executive-level “what if” scenario exercises tied to high-impact risks.
Use exercise outcomes to inform planning updates and mitigation investments.
Reinforce accountability by linking preparedness participation to leadership performance expectations.
Summary
As organizations look ahead to 2026, resilience will increasingly depend on the ability to operate amid uncertainty, limited external support, and growing interdependencies across technology, supply chains, workforce, and information sources. Disruption is more likely to be complex and cascading, requiring organizations to adapt quickly while making decisions with incomplete or conflicting information.
Preparedness is no longer a standalone planning function; it directly influences operational continuity, financial performance, and organizational credibility. Organizations that embed risk awareness into everyday operations, align continuity planning with business objectives, and proactively address cyber, vendor, and information risks will be better positioned to withstand disruption and recover more effectively in an increasingly complex risk environment.
The TRI Influence
Attend the International Association of Emergency Managers (IAEM)-USA Region 6 Symposium, February 9-12, 2026, in Webster (Houston), Texas. Our emergency management intern, Nancy Carrouth, will discuss the strengths of Gen Z and how they can transform your emergency management department. Additionally, our President and CEO, Andrea Davis, will share best practices from her 25+ career building public-private partnerships in emergency management.
Register for the annual Critical Infrastructure and Protection North America Conference, March 10-12, 2026, in Baton Rouge, Louisiana, where TRI is proud to be an Executive Sponsor! We’re excited to offer our network a 20% delegate discount—use code RESI20 when booking. Don’t miss this opportunity to connect with industry leaders, explore the latest technologies, and join critical conversations on infrastructure protection and resilience. Our Board Chair, Joseph Threat, and our President and CEO, Andrea Davis, will take the stage to share TRI’s thought leadership on public-private partnerships and national and regional preparedness.
Subscribe to TRI’s YouTube channel and be the first to watch our upcoming series: Profiles in Resiliency: Stories of Hope and Tenacity. Uncut from America’s Heartland. This passion project, led by our President and CEO, Andrea Davis, brings friends and colleagues to the TRI couch to share authentic stories of grit, perseverance, and resiliency. Each conversation captures the heart of what it means to rise above challenges and inspire others along the way.
The Resiliency Initiative’s Rogers, Arkansas office.
Spotlight: Our 2025 Interns
As we close out the year, TRI would like to extend our sincere gratitude to the interns who supported our work and contributed meaningfully to our mission. Their curiosity, professionalism, and commitment to learning strengthened our team and reinforced the importance of investing in the next generation of resilience leaders.
This year, we were fortunate to welcome Nancy Carrouth and Andrew Gerboth to our team. Nancy, who is completing her Bachelor of Science in Emergency Management at Arkansas Tech University in 2026, brought fresh insights grounded in academic rigor and a passion for community preparedness. Andrew, pursuing both a Bachelor’s and Master’s of Science in Accounting at San Diego State University with an anticipated graduation in 2027, applied analytical precision and a strategic mindset to our operational and financial efforts.
Nancy will graduate with a Bachelor’s degree in Emergency Management from Arkansas Technical University in the Spring of 2026. Nancy aspires to support emergency preparedness for military and first responder families.
.
Andrew will graduate with both a Bachelor's and a Master’s in Accounting in the Spring of 2027 from California State University, San Diego. Andrew aspires to be a Special Agent for the FBI in the financial crimes division.
We are grateful for their contributions and wish Nancy and Andrew continued success as they advance in their academic and professional journeys. We are confident they will carry forward the values of resilience, collaboration, and thoughtful leadership in the years ahead.
Recent Blog Posts
October 2025: A New Chapter in Our Journey: Introducing The Resiliency Institute
November 2025: What Thanksgiving Teaches Us All About Continuity Planning
Editor’s Note
As we close out another year, I want to extend my sincere gratitude to our clients, partners, and collaborators who continue to place their trust in The Resiliency Initiative. Your engagement, feedback, and partnership not only shape our work but also strengthen our collective ability to build more resilient organizations and communities.
This year, we were especially honored to be recognized by our peers and the broader resilience and security community. TRI was selected as Most Innovative Continuity of Operations / Business Continuity Provider by Cyber Defense Magazine and was also named a finalist for Service Provider of the Year by DRI International. These acknowledgments would not have been possible without the support of those who voted, collaborated with us, and challenged us to continuously improve.
Thank you for allowing us to do this work alongside you. We look forward to continuing our partnerships in the year ahead and to advancing resilience together in an increasingly complex risk environment.
Happy holidays to you all!
— Andrea E. Davis, President & CEO
About TRI
At TRI, we’re more than consultants—we’re partners in helping communities and organizations thrive through crisis. As a certified women-owned and run small business enterprise, we take pride in being a boutique firm with a personal touch, delivering high-impact, hands-on support tailored to the unique needs of every client we serve.
For communities, we focus on what matters most: hazard mitigation, evacuation planning, continuity of operations, and dynamic training and exercises that build real-world readiness. For organizations, our strength lies in business continuity planning and simulations that keep operations steady, even in the most uncertain times.
What sets us apart is the depth of our experience. Our leadership team brings decades of firsthand expertise from FEMA, Fortune 500 corporations, the military, local governments, and the nonprofit sector. We don’t just check boxes—we empower people to lead with confidence when it matters most.
To request a free consultation, email info@theresiliencyinitiative.com or call +1 (877) TRI-7191
