The Business Resilience Council (BRC) is a nonprofit, member-driven, analyst-supported, multi-sector community that welcomes organizations to share information and collaborate on significant threats and incidents that impact business operations. The BRC provides businesses with all-source threat information, an award-winning framework for operational resilience, a vendor connection program for third-party security, and an exercise program for testing emergency preparedness, operational resilience, business continuity and disaster recovery.
The BRC is designed for cross-sector collaboration among professionals in cyber and physical security, geopolitical risk, business continuity and disaster recovery, AI security and trust, and third-party risk. It supports organizations with regional, national and international footprints that must manage significant crises and navigate response scenarios in order to maintain operations.
Information Sharing
Multi-sector sharing of all-hazard threats, incidents, vulnerabilities and best practices
Operational Resilience
Framework for operational resilience against disruptive and destructive events
Third Party Risk Connection
Collective defense and engagement with vendors and suppliers before, during, and after incidents
Playbooks and Exercises
Testing and guidance for business continuity, disaster response and recovery plans
Products and Services
Topic-based working groups to collaborate with industry experts
Cross-sector chatrooms for real-time collaboration and information sharing
Information sharing portal
All-source and multi-sector alerts and reports
Resilience-focused analysis
Event-driven Situational Awareness Dashboard
Multi-sector Situational Awareness Reports
Threat and resilience discussions and presentations
Event-driven emergency member meetings
Peer-to-peer collaboration and information exchange across the Global Resilience Federation ISAC/ISAO network
Participation in exercises and development of the Operational Resilience Framework, security standards, and playbooks
Exercise
The GRF Business Resilience Council’s ORF Tabletop Exercise series challenges teams to test resilience, refine incident response, and share best practices through panel-led discussion with real-time inputs and data aggregation. Participants deepen their understanding of service dependencies and their organization’s ability to adapt and maintain operations across threat types.
Past Exercises
ACH Payments Disruption Exercise
After Action Report
In spring 2024, the Global Resilience Federation and Nacha ran free, half-day tabletop exercises simulating a destructive wiperware attack and a major ACH outage.
What participants practiced:
Drilled IT operations response under pressure as timed injects advanced
Improved prioritization and decision-making during cascading outages
Rehearsed media handling and external communications
Practiced law-enforcement and regulatory engagement
Shared cross-organization practices to strengthen operational resilience
Telecommunications Disruption Exercise
After Action Report
In summer 2025, the Business Resilience Council ran an all-sector tabletop exercise series on a prolonged regional telecom outage, bringing together hundreds of participants across a dozen industries to test how organizations sustain important services during degraded connectivity.
Core lesson: telecom outages cascade via shared carriers, platforms, and third parties.
Strengths: many had applicable continuity plans, had exercised comms-outage response, and mapped key dependencies.
Gaps: 58% couldn’t confirm Day 3 impaired-state targets; 80% couldn’t confirm DROs; 48% lacked distributed critical data backups.
All-Sectors Payment Disruption Exercise
After Action Report
In fall 2024, the Global Resilience Federation ran free, cross-sector tabletop exercises focused on a widespread payments disruption driven by coordinated attacks on third-party platforms and a surge of misinformation.
Key takeaways:
Participants made timed decisions to quickly surface real-world priorities
Identified vendor dependencies and critical third-party points of failure
Exposed communications gaps (internal, external, and cross-sector)
Reinforced the Operational Resilience Framework
Enabled best-practice sharing across industries