Insights from the Chicago Resilience Summit: What’s Next for Operational Resilience

Fusion recently hosted an interactive session at the Chicago Resilience Summit, where 71 participants from 28 organizations came together to share perspectives on the state of operational resilience. The discussion was candid, practical, and forward-looking, surfacing critical challenges that resilience leaders face today and the opportunities shaping tomorrow’s programs. 

Below are key themes that emerged from the session; insights that are already helping shape future event discussions and resilience strategies across industries. 

What Keeps Resilience Leaders Up at Night? 

Data Integrity: The Core Challenge 

Participants repeatedly cited data integrity as a fundamental concern. Many organizations are struggling to establish a single source of truth and clear ownership of data across risk and resilience functions. Key gaps include:

• Fragmented systems and unclear ownership make it difficult to manage data quality, taxonomy, and governance. 
• Integration challenges between internal and external systems lead to incomplete or inconsistent datasets. 
• Data accessibility remains a barrier, with uncertainty about how to access key information or who controls data initiatives. 
• Cross-departmental silos hinder holistic visibility into risks and business impacts. 
• Program accountability and confusion over data ownership in analyses like BIAs (business impact analyses) slow decision-making. 
• Data cleanliness continues to require ongoing attention to ensure reliable insight. 

The takeaway: data integrity is the foundation of resilience, but it remains one of the most difficult areas to operationalize. 

Executive Needs: Direction, Metrics, and Communication 

Another strong theme centered on the executive dimension of resilience: how to secure engagement, communicate effectively, and quantify results.  

• Leadership priorities continue to shift as the risk landscape evolves, creating uncertainty around where to focus.
• Teams face difficulty providing quantifiable metrics that demonstrate resilience progress or improved risk posture.
• Communication gaps persist, as technical teams balance detailed information with the need for clear, actionable insights for non-technical leaders.

Resilience leaders are seeking ways to align program performance with executive expectations and make operational resilience data visible, measurable, and strategic. 

External Risks: Expanding the Risk Perimeter 

The conversation around external risks confirmed growing concern over third-party dependencies and emerging technologies. 

• Heavy reliance on cloud providers introduces concentration risk and resilience blind spots.
• Third-party risk management (TPRM) processes often lack complete data and consistent prioritization.
• Cyber resilience readiness remains uncertain, particularly around backup validation and recovery speed.
• Emerging technologies, including artificial intelligence (AI) and “shadow AI,” are introducing unregulated and poorly understood risks.
• Geopolitical and economic shifts, such as tariffs and supply chain disruptions, continue to create volatility.

Participants agreed that external dependencies now represent systemic risks, requiring broader visibility and coordinated response strategies. 

Regulations: Staying Ahead of Change 

Regulatory complexity continues to challenge organizations. Many programs still operate in reactive mode, adjusting only after new mandates take effect. 

• Evolving standards like the NIST Cybersecurity Framework (CSF) 2.0, the Critical Entities Resilience (CER) Directive, and the Digital Operational Resilience Act (DORA) are difficult to align globally.
• The definition of “systemically critical providers” remains unclear in some federal reporting contexts.
• Trade, AI, and policy shifts further complicate compliance readiness.

The theme was clear: organizations want to move from reactive compliance to proactive readiness, embedding regulatory awareness directly into their operational resilience framework. 

Where Can Organizations Aim to Improve?

Outcomes: Building Alignment and Shared Understanding 

Participants emphasized the need for cross-organizational alignment, breaking down silos, and creating shared understanding. 

• Many called for a unified risk taxonomy that connects functions and departments.
• There’s strong interest in benchmarking and collaboration, using industry-wide insights to collectively advance resilience.
• Cross-functional engagement remains limited, particularly with departments like Legal.
• Learning through real-world case studies (such as global cyber events) was highlighted as a powerful tool for transparency and communication.

Operational resiliency is increasingly seen as a collaborative discipline that depends on connection across teams, systems, and experiences. 

Regulations: Connecting Compliance and Strategy 

Participants expressed a need to make compliance more strategically integrated and less tactical. 

• There’s ongoing misalignment between regulatory bodies, especially across borders.
• Many want control mapping tools that recognize existing work across multiple standards — like Fusion’s control crosswalks.
• Incident reporting triggers still lack standardization, causing confusion and inefficiency.

Organizations are seeking to position compliance as a strategic enabler of resilience, rather than a routine or procedural exercise. 

Resilience: From Governance to Daily Practice 

Resilience software and maturity continues to evolve, but many programs are still defining ownership and structure.  

• There’s uncertainty around where resilience should “sit” within the organization and how it connects to other risk domains.
• Participants called for business-led ownership, supported by a central resilience team.
• Testing remains too narrowly focused on disaster recovery, with limited end-to-end exercises.
• The goal is to embed resilience into daily operations, not just annual events.
• Repeatable engagement processes before, during, and after incidents are key to strengthening operational readiness.

Ultimately, resilience must move beyond frameworks to become a repeatable capability that’s part of everyday decision-making.  

The Road to Connected Resilience 

The Chicago Resilience Summit underscored that resilience is both a data challenge and a leadership challenge. Organizations are striving for cleaner data, clearer accountability, and stronger alignment across risk, continuity, and compliance functions. 

As operational resilience software matures, the conversation shifts from reactive recovery to proactive and connected operations, where data, technology, and people come together to create a continuous state of readiness. Fusion is proud to support our customers as they build the frameworks, connections, and confidence that define true operational resiliency.