For years, disaster recovery (DR) has been the cornerstone of enterprise continuity planning. When an outage struck, recovery plans were activated, systems restored, and lessons noted for next time. But that playbook no longer fits the scale or speed of disruption facing enterprises today. When an outage struck, recovery plans were activated, systems restored, and lessons noted for next time. But that playbook no longer fits the scale or speed of disruption facing enterprises today
As ransomware attacks, Software as a Service (SaaS) outages, and cloud dependencies expose new layers of vulnerability, simply recovering is no longer enough. More than half of infrastructure and operations (I&O) leaders now cite resource constraints as their biggest barrier to strengthening IT resilience. This demonstrates that organisations are struggling to keep pace with this rising risk and complexity.
In 2025, the conversation must shift. The question for I&O leaders is no longer “How fast can we get back online?” but “How can we continue to operate when recovery isn’t possible?”
The limits of traditional disaster recovery
Disaster recovery was designed for a time when systems were contained, and dependencies were predictable. Backups were local, failover sites were dependable, and infrastructure ownership sat firmly within IT’s control. That world has changed.
Modern companies now rely on complex, distributed ecosystems spanning cloud, SaaS, partners, and suppliers. An outage in one service can trigger cascading failures across regions and business units.
This new reality exposes a critical gap: recovery efforts may look successful on paper yet fall short in practice. Systems may be restored, but customer experience, regulatory obligations, and business performance often fail to recover at the same pace. This reveals that restoration is not the same as resilience. True resilience, not just technical uptime but it is about maintaining continuity of service, trust, and reputation.
From reactive recovery to proactive resilience
Resilience extends far beyond backup and restoration. It is a holistic, organisation-wide capability that spans cyber risk, SaaS dependency, and operational continuity. The most advanced enterprises treat resilience as a shared discipline that cuts across infrastructure, operations, and governance.
They begin by anchoring resilience to business outcomes rather than technical metrics. When success is measured by the protection of revenue, compliance, and customer experience, it earns stronger sponsorship from the boardroom.
They also adopt a tiered approach to standards, aligning resilience requirements to the criticality of each system or service. Mission-critical customer platforms may warrant the highest tier, while internal productivity tools can operate at a lower level, ensuring investment is directed where disruption would cause the greatest harm.
Finally, organisations are investing in observability and Site Reliability Engineering (SRE) to make resilience proactive. Gartner research shows that 31% of organisations plan to adopt SRE practices within the next year, reflecting a broader shift toward self-healing, continuously validated systems that anticipate and absorb failure rather than merely respond to it.
Why the shift matters now
Resilience has moved from being an operational concept to a strategic one. This shift is being accelerated by several powerful forces.
The most significant driver is the immediate financial and reputational cost of failure. Modern customers expect services to be always-on; any disruption, whether from a breach or a simple outage, can lead to immediate customer churn, lost revenue, and lasting damage to a brand’s reputation.
Regulation is top of the list. Across sectors such as finance, healthcare, and critical infrastructure, regulators are demanding demonstrable proof of operational resilience — not just recovery plans or vendor assurances.
Cyber escalation is another driver. Ransomware, data breaches, and supply chain attacks have elevated resilience from an IT responsibility to an enterprise risk issue, requiring coordinated action between CIOs, CISOs, and boards.
Reliance on SaaS is adding new layers of complexity to resilience. As more mission-critical functions move into cloud and software-as-a-service ecosystems, organisations must account for vendor reliability and operational practices that sit outside their direct control. This has exposed the limitations of traditional Service-Level Agreements (SLAs). While SLAs define a vendor’s promise of uptime, leading firms are now adopting internal Service-Level Objectives (SLOs) to measure the actual customer experience. SLOs focus on what user’s sentiments are when using the products. Latency, performance and error rates provide a far more accurate view of continuity than a simple vendor contract.
These dynamics have redefined resilience as a collective business responsibility, one that demands close collaboration between operations, risk, procurement, and security functions. The conversation is no longer “how do we recover?” but “how do we continue?”
Building a modern resilience framework
Moving beyond DR requires a new operating model, one that combines practical governance with cultural change. Successful organisations start by stabilising immediate risks, ensuring Tier-0 systems (core infrastructure or customer-facing services) and essential services are protected, before expanding to a programmatic approach.
They co-create resilience standards across enterprise architecture, business continuity, and vendor management functions, establishing a shared language for what “good” looks like. Resilience frameworks that distinguish between in-house, cloud-native, and commercial applications avoid the one-size-fits-all trap that has derailed many DR initiatives.
Securing funding remains a persistent hurdle. Leaders that succeed make the case for investment by linking resilience directly to measurable business impact, demonstrating how improved continuity reduces regulatory exposure, revenue loss, and reputational damage.
Crucially, modern resilience extends beyond internal infrastructure to include SaaS and partner ecosystems. Organisations are learning to look beyond contractual compliance and assess how providers test for reliability, failover readiness, and recovery validation.
Perhaps most importantly, resilience is sustained through learning. Organisations that integrate continuous testing, chaos engineering, and blameless post-mortems into their operations are able to identify weak points before they become failures. Over time, resilience becomes embedded in the organisational culture, part of everyday decision-making, not an emergency response.
Resilience as a leadership test
Resilience is as much about mindset as it is about technology. It requires leaders to unite functions, challenge assumptions, and build a culture that values foresight over fault-finding. The most mature organisations don’t just meet targets; they brand their programmes, “AlwaysOn,” “Path to Platinum,” “Mission Continuity”, to create visibility, ambition, and accountability.
They measure not only uptime but customer-perceived reliability, ensuring technology performance aligns with business expectations. And they understand that resilience is never finished; it evolves alongside threats, architectures, and markets.
Because in a world of constant disruption, success is no longer defined by how quickly you recover but by how confidently you continue.
Gartner analysts will be exploring resilience frameworks, operational continuity, and evolving I&O priorities at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference in London on 17–18 November.
Hassan Ennaciri
Hassan Ennaciri is a Senior Director Analyst in Gartner’s Infrastructure and Operations group. With over 30 years of experience in IT, he advises clients on DevOps practices, tools, site reliability engineering (SRE), automation, and orchestration. Before joining Gartner, he held senior IT leadership roles in the financial and technology sectors, where he led digital transformation initiatives, modernised hybrid infrastructure platforms, and advanced cloud adoption strategies.
