For much of the last decade, sustainability has shaped how organisations think about risk. It has helped explain why climate change matters, why biodiversity loss creates business impacts, why supply chains are vulnerable and why long-term dependencies deserve attention. Sustainability introduced systems thinking into boardrooms and encouraged organisations to look beyond short-term performance towards the wider environmental, social and economic systems on which they depend.
That work remains essential. Yet across business, government and regulation, a new organising concept is increasingly emerging: resilience.
This is not because sustainability has failed, nor because it has become less important. In many ways, sustainability has succeeded in helping organisations understand the challenges ahead. The next challenge is deciding what to do when those challenges become operational realities.
From understanding risk to withstanding disruption
One way to understand the shift is that sustainability helps organisations understand systemic risks, while resilience focuses on withstanding disruption when those risks materialise.
Climate change, geopolitical instability, resource constraints, cyber threats and supply chain concentration are no longer viewed solely as future concerns. Increasingly, they are being experienced as present-day operational challenges.
Energy price volatility, infrastructure disruption, extreme weather events, supplier failures and technology outages are no longer abstract scenarios discussed in risk registers. They are events affecting organisations today.
Resilience has therefore emerged as the practical counterpart to sustainability. If sustainability asks what matters, resilience asks what fails. If sustainability focuses on impacts, resilience focuses on dependencies. If sustainability encourages disclosure, resilience demands continuity.
Together, they provide a more complete picture of organisational preparedness.
Why resilience is moving up the agenda
Several factors are driving this shift.
Geopolitical tensions have exposed vulnerabilities in critical supply chains. Climate-related events continue to test infrastructure, transport systems and energy networks. Digital transformation has increased dependency on interconnected technologies. At the same time, organisations are operating in a period where uncertainty increasingly feels structural rather than temporary.
At London Climate Action Week in June 2026, observers across the finance programme noted a striking rebalancing of more sessions on adaptation and resilience than on climate change mitigation. While one of the UN’s largest sustainable finance gatherings ran under the theme “From Risk to Resilience”.
As a result of needing to describe resilience progress, leadership teams are being asked a different set of questions.
Can critical services continue if a major supplier fails? What happens if a key facility becomes unavailable? How resilient are technology platforms and essential infrastructure? How quickly can operations recover after disruption?
These questions move beyond disclosure and reporting. They focus on operational capability.
The convergence of sustainability, risk and security
One of the most significant consequences of the resilience agenda is the convergence of functions that have traditionally operated separately.
Over the past decade, sustainability teams have developed expertise in climate risk, value chain analysis and long-term dependencies. Risk functions have focused on enterprise-wide threats and uncertainties. Security teams have concentrated on physical and cyber protection, while business continuity specialists have prepared organisations for disruption and recovery.
Increasingly, these disciplines are being drawn together under a common resilience agenda.
The EU Critical Entities Resilience (CER) Directive provides a useful illustration. Although often viewed as a regulatory development, it is more significant as a signal of where policy thinking is heading. Climate-related events sit alongside cyber incidents, technological failures, public health emergencies and malicious acts within a single all-hazards resilience framework.
Perhaps most tellingly, in Ireland, responsibility for CER sits within the Department of Defence rather than departments traditionally associated with sustainability policy. Symbolically, this reflects a broader shift from viewing many of these issues primarily through an environmental lens towards viewing them through the lens of continuity, preparedness and security.
At London Climate Action Week 2026, climate security carried a visibly higher profile than in previous years, with resilience and national security discussed alongside nature and infrastructure risk. At the EU level, the Preparedness Union Strategy advises citizens to be self-sufficient for at least 72 hours in a crisis, and across Europe, the file is migrating from environment ministries to security ones. As always, useful case studies for Ireland can be found in Nordic countries.
What CER really moves: ownership
The most revealing property of resilience is that it does not necessarily introduce entirely new work. Instead, it changes how existing work is framed, governed and owned.
Climate risk assessments, dependency mapping, scenario analysis, supply chain reviews and business continuity planning already exist in many organisations. What is changing is the context in which they are being considered.
Activities that may previously have sat within sustainability or ESG programmes are increasingly being viewed as components of organisational resilience. They are becoming more closely connected to risk management, security, operations and governance functions.
In that sense, resilience is creating a new centre of gravity within organisations. The work may not be new, but expectations around accountability, ownership and operational readiness are evolving.
A new challenge for boards
Boards have spent recent years becoming familiar with sustainability disclosures, emissions reporting and ESG governance. The next phase may place greater emphasis on resilience.
The question is no longer simply whether organisations understand their risks. Increasingly, it is whether they can demonstrate the capability to operate through them.
This shifts the conversation from future exposure to present preparedness, from disclosure to continuity and from narrative to operational competence.
For leadership teams, resilience is rapidly becoming a governance issue that sits alongside financial, operational and cyber risk.
The market is running the same arithmetic. Practitioners at London Climate Week described climate risk as a threat to financial stability rather than a purely physical exposure, estimates of the investment needed to strengthen UK resilience run to some £11 billion a year and structures such as resilience bonds are being tested to make adaptation an investable class in its own right.
Looking ahead
The organisations best positioned for the future are unlikely to view sustainability and resilience as competing agendas. Rather, they will recognise resilience as a natural evolution of many of the conversations sustainability has already started.
If the last decade was focused on understanding systemic risks, the next may be defined by how effectively organisations prepare for and respond to them.
Resilience is not replacing sustainability. It is increasingly becoming the operational expression of it.
At London Climate Action Week, practitioners called for a common language of resilience; at COP30, governments adopted the first indicators to build one. The language is now being incorporated into strategies, statutes and stress tests. The organisations that learn to speak it early will do more than comply with the new regime; they will have a role to play in constructing it.
Learn more about the practical implications of the EU Critical Entities Resilience Directive.