The Everbridge Risk Intelligence Monitoring Center (RIMC) has designated the conflict between India and Pakistan a ‘special event’. This ensures complete and comprehensive coverage of the developing situation from a risk intelligence perspective.

The Everbridge RIMC analysts will have an enhanced focus on the conflict and will produce all information available in real time for customers – including updates on damage to infrastructure, travel implications and military operations. Our tactical resolution team has already produced multiple layers/KMLs detailing the planned blackouts surrounding Indian infrastructure, troop movements and drone missile strike locations.

Everbridge Response and Service Continuity Update – Guidance for Customers with Personnel in India

Source: Everbridge RIMC (May 9, 2025)

If your organization has personnel in or traveling to India or the surrounding area, we want to assure you that Everbridge is actively monitoring the situation as tensions escalate in the India-Pakistan region. At this time, there is no impact to Everbridge services, but we are taking proactive steps to protect staff, ensure operational continuity, and support customers who may be affected.

As part of our crisis response protocols, Everbridge has: 

• Activated our Crisis Management Team, which is meeting regularly 
• Reviewed support coverage and delivery infrastructure 
• Verified that our systems are resilient and not dependent on any single region 

We also want to take this opportunity to reinforce the importance of multi-modal communication during volatile events. In certain scenarios – such as regional conflicts or government-imposed restrictions – SMS or voice services may be delayed or disrupted. Everbridge supports a variety of delivery channels including email, app push notifications, desktop alerts, and phone calls, allowing for greater reach and redundancy when speed and reliability are critical. 

We will continue to monitor developments closely. Should there be any changes to service availability or delivery to affected areas, you will be notified immediately as an Everbridge customer. 

If you have any concerns or questions, please don’t hesitate to contact your Everbridge account representative. 

Even though Intermountain Healthcare was already a leader in telehealth response time for stroke victims, they knew they could further reduce the time required to connect neurologists with patients in need. With xMatters, they could streamline their notification processes, reduce the operational pain of reaching doctors over long distances, and provide patients with the best possible care even faster than before.

Anytime there is a major event—outages, weather situations, or things of that nature—we use Everbridge Mass Notification.

With Everbridge Assist’s support, this biopharmaceutical company was able to provide an exceptional level of care for their employee that ensured her wellbeing in the safest, fastest and most efficient way possible, in the face of a myriad of challenges.

Operational resilience has become a defining priority for organizations in sectors like finance and insurance, especially in the UK and Europe.  Although there are some differences between the FCA and PRA operational resilience frameworks and DORA (digital Operational Resilience) there are many overlaps and best practices which will slowly be adopted by other industries if it proves to be effective.  The concepts within operational resilience have merit even in pharmaceutical, healthcare, and manufacturing. With increasing disruptions caused by cyberattacks, supply chain issues, and evolving regulations, businesses need robust frameworks to protect critical services and maintain customer trust.  

From the framework defined by the Bank of England, a key component of defining metrics around important business services is “impact tolerance”, an essential concept that offers some tangible goals to determine how much disruption a business can tolerate before its operations, the consumers, the company, or even the market are jeopardized.  

This guide explores what impact tolerance means in the context of operational resilience, why it matters, and how businesses can effectively design and track their thresholds to strengthen resilience.  The concepts in this can be applied to any industry, even if not regulated by FCA/PRA or DORA.

What are impact tolerances in operational resilience?  

Defining impact tolerance  

Impact tolerance commonly is defined as the maximum tolerable level of disruption that an organization can endure without causing unacceptable harm to its operations, stakeholders, or customers. There are many metrics that can be used to measure what could or would cause harm and unlike broader risk management strategies, which aim to prevent disruptions entirely, impact tolerances acknowledge that incidents are inevitable. Instead, they focus on defining clear limits for disruption and ensuring the organization is prepared to recover before these thresholds are breached.  

For example, an impact tolerance might represent the maximum system downtime a business can allow before reputational harm or financial losses escalate. An impact tolerance could also be measured as a threshold of impacted customers, a financial loss threshold, an unacceptable wait time, a dropping NPS score or breach of SLAs. 

Impact tolerance vs. risk appetite and recovery time objectives  

While related, impact tolerance differs significantly from concepts like risk appetite or recovery time objectives (RTO). Risk appetite reflects the level of risk an organization is willing to take across its operations, while recovery time objectives set specific targets for restoring functions after an incident.  

Impact tolerance, on the other hand, takes a broader and more dynamic perspective. It considers the level of pain an operation endures during a disruption, focusing on more than just whether the system is operational. By continuously monitoring and responding to this “pain level,” organizations can adapt on the fly—potentially avoiding full-scale interruption.  Impact tolerance can also be used proactively, if a threshold is monitored, then potentially warnings can trigger alarms to indicate a escalating situation or pending disaster. 

Examples of impact tolerance metrics  

Common metrics to define impact tolerance include:  

• System downtime: Maximum allowable hours of service unavailability.  

• Financial thresholds: Dollar values representing unacceptable costs from disruptions.  

• Customer impact levels: Number of clients affected before customer trust is compromised.  

• Supply chain delays: Maximum tolerable delays in delivery or procurement processes.  

• SLA levels: Breach or approaching breach of SLAs 

• Customer complaints: This can be NPS scores, dropping renewals, customer complaint increases and levels of response time or customer satisfaction changes. 

• Larger impacts: Larger impacts to the company or market. 

Why are impact tolerances critical for resilience?  

Safeguarding critical business services  

Impact tolerance ensures critical business services, those essential for delivering customer value or meeting regulatory obligations, are protected during disruptions. It challenges businesses to predefine acceptable levels of disruption, enabling faster, coordinated responses and minimizing downtime.  

Aligning with regulatory expectations  

Global regulatory frameworks increasingly demand that organizations define and maintain impact tolerances to demonstrate operational resilience. For example, financial services regulators like the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) in the United Kingdom mandate impact tolerance assessments as part of operational resilience programs.  While Impact Tolerances are not necessarily part of Digital Operational Resilience Act (DORA) as a regulatory requirement, the importance of outlining services and their dependance on technology, supply chain, functions and CTPS (Critical Third Party Services) still align with concept of impact tolerance. 

Practical benefits

Impact tolerances support resilience by improving decision-making and fostering stakeholder confidence and having a better understanding of triggers, thresholds and warnings surrounding a company’s important business services. Furthermore, they help allocate resources better by focusing investments where they matter most.

The cost of disruptions

Operational disruptions have direct consequences for businesses, with financial and reputational costs rising every year. According to IBM, the average cost of a data breach alone globally was $4.88 million in 2024. Organizations with robust resilience frameworks, including impact tolerance thresholds, not only reduce the frequency of incidents but also mitigate their cost.

Steps to set effective impact tolerances

1. Identify critical business services

Pinpoint the services essential to achieving your organizational goals, meeting regulatory requirements, and serving customer needs. Examples include payment processing in financial services or supply chain coordination in manufacturing.

2. Identify critical dependencies

Identify dependencies on information and communication technology, functions/processes, supply chain, and critical third parties. 

3. Assess risks and threat scenarios

Evaluate the risks that pose the greatest threat to your critical services, such as cyberattacks, power outages, or pandemic-related disruptions. Prioritize risks with the highest likelihood and potential impact on your operations. Treat the risks with controls and risk methodology.

4. Determine impact tolerance thresholds

Define your organization’s limits for tolerable disruption based on financial, operational, and reputational factors.

• Example Case: A bank might determine its payment processing service cannot afford downtime exceeding 2 hours, as this would result in significant customer dissatisfaction and regulatory scrutiny.

Use financial modeling, stakeholder insights, and historical data to set realistic and achievable thresholds.

5. Test the impact tolerances in scenarios

Create scenarios to test the impact tolerances, document the results, report any issues or action items and update recovery strategies and tolerances to adapt.

6. Document and align with stakeholders

Work with leadership, departmental heads, and external regulators to ensure your impact tolerances align with organizational objectives and compliance standards.

Challenges in setting and tracking impact tolerances

Common obstacles

• Lack of clear data: Defining thresholds can be difficult without reliable metrics or historical data.
• Misaligned priorities: Different departments may have conflicting views regarding what qualifies as “critical.”
• Rigid approaches: Using inflexible methodologies can undermine efforts to adapt to evolving risks.
• Technology gap: Leveraging tools that do not effectively automate risk management can increase the negative impact of threats.

Overcoming challenges

• Implement cross-department collaboration to align on priorities.
• Leverage third-party experts to conduct unbiased impact tolerance analyses.
• Automate data collection, analysis and communication with cutting-edge tools, such as software solutions.

Strengthening operational resilience

Our comprehensive risk management services are designed to enable businesses to operate safe in the knowledge that everything possible is being done to ensure their people and other assets are protected. We combine deep security expertise with innovative technology to help you deliver the policies, training, protection and responses needed – no matter what.

Cyber breaches are a constantly evolving combination of threats and security concerns that can put organizations in turmoil. They require not only technical expertise but also strategic stakeholder management. From high-profile breaches like Sony’s network compromise to the ransomware attack on a hospital demanding $1.5 million, organizations face an ever-increasing threat landscape. Understanding how to manage stakeholders during a cyber-attack and adopting evolving strategies for breach detection are crucial for maintaining resilience. 

The critical role of stakeholder management in cyber-attacks 

Effective management during a cyber-attack starts with a well-defined response plan. Recognizing potential threats and understanding their impact is foundational. From service disruptions to data breaches, such as TalkTalk’s customer data leak, the repercussions can be severe. It’s essential to have a plan that operates 24/7, as attacks often occur outside regular business hours. Key components include: 

• IT security and incident teams: these are the frontline defenders. Ensure you have a dedicated team ready to address breaches and coordinate responses. 
• Legal counsel: engage legal advisors to manage compliance and potential liabilities if sensitive data is compromised. 
• Stakeholders: identify and communicate with all relevant parties, such as marketing, customer service, and employees, to ensure consistent messaging and support during an incident. 

Developing a communications plan is also critical. Steps include triaging information to stakeholders, informing them through secure channels, managing ongoing updates, and regularly rehearsing these processes to ensure preparedness. 

Shifting strategies: from prevention to detection 

The landscape of cybersecurity risk management is evolving. While prevention remains a priority, the focus has increasingly shifted towards detection. This shift acknowledges the sophistication of modern threats and the inevitability of breaches. Key strategies include: 

• Automation: leveraging automated tools for monitoring and incident management can significantly enhance detection capabilities. Automation helps in quickly identifying threats and reduces the impact on operations. 
• Threat intelligence: organizations should utilize advanced threat intelligence to anticipate risks and integrate this data into automated systems for improved resilience. 
• Industry collaboration: joining industry groups and staying informed about local and global cybercrime trends can help organizations stay ahead of potential threats. 

Preparing for the future 

Embracing these strategies ensures organizations are better equipped to handle cyber threats. Begin by evaluating the automation tools necessary for your organization’s needs and considering the return on investment for implementing these technologies. 

For over two decades, Everbridge has been at the forefront of critical event management, helping businesses enhance their cybersecurity defenses. To understand more about achieving cyber resilience, watch our latest webinar on strengthening your cyber defenses: 

Cybersecurity in financial services presents unique challenges in strengthening resilience against potential threats. Financial institutions not only need to combat cyber threats such as web application attacks, bad bots, ransomware, and phishing attacks, but also maintain uptime before, during, and after such breaches to ensure seamless customer service and regulatory compliance. 

The cost of cybersecurity risks 

According to IBM’s Cost of a Data Breach Report 2024, the global average cost of a data breach reached USD 4.88 million, a 10% increase from the previous year and the highest total ever recorded. A third of breaches involved shadow data, highlighting the difficulties in tracking and safeguarding proliferating data. Organizations using security AI and automation extensively in prevention reported average cost savings of USD 2.22 million compared to those that didn’t. Beyond these staggering statistics, financial institutions face even greater fears in lost business costs, including increased customer turnover, lost revenue due to downtime, and the rising cost of acquiring new business due to diminished reputation. 

Regulatory landscape 

The FFIEC (Federal Financial Institutions Examination Council) has strengthened its mandates for operational resilience, business continuity, and crisis management within the financial sector. This increase in regulation and compliance expectations underscores the necessity of automation across operational risk areas to achieve efficiency in processes, knowledge, and impact assessment. Regulators focus on the impacts of operational outages and their industry-wide effects, requiring detailed tracking, audit logs, and evidence of executive oversight. 

The importance of cyber resilience 

For financial services to succeed amidst heightened regulatory requirements and complex digital threats, cyber resilience extends beyond simply remediating attacks. It involves maintaining a reputable and trustworthy brand and product for customers. Organizations must prioritize building a resilient operation so that any disruption, whether from a cyberattack or other causes, has minimal impact on customer experience and avoids major non-compliance fines. Through digital transformation and a commitment to automation, financial institutions can build maximum operational resilience, enhance customer experience, and achieve positive returns on technology investment. 

The domino effect of disruptions 

Digital disruptions in large financial firms can have cascading negative impacts. Cybersecurity-related risks can lead to direct costs for affected banks and ripple effects on counterparties within the financial sector and the broader economy. Becoming cyber resilient means more than shielding against a single disruption; it requires active prevention against the negative domino effect such disruptions can trigger. With much of the financial sector’s success rooted in customer trust, falling victim to a chain of events that impact on the economy puts institutions at high risk of lost business. It truly pays to be prepared. 

Operational resilience through digital transformation 

Innovations in incident management, including greater automation, integration, data-level visibility, and user-friendly advances, support the infrastructure necessary for uninterrupted customer experiences. Everbridge critical event management can help financial services establish and maintain ‘Operational Resiliency ROI’ by minimizing business downtime and accelerating incident resolution through automated communications, collaboration, and orchestration. It streamlines incident response across IT Ops, Service Ops, Sec Ops, DevOps, and IT BC/DR, equipping employees with the information and resources needed to support digital transformation and deliver uninterrupted customer experiences. 

For more insights, watch our webinar on cybersecurity preparedness and protection. 

In the face of potential active assailant threats, organizations are increasingly turning to technology to bolster their preparedness and response capabilities. The integration of technological solutions is proving to be a game-changer, particularly in improving communication and ensuring timely responses during incidents. As businesses seek to protect their people and assets, understanding the role of technology in enhancing active assailant preparedness has become essential. 

The power of real-time communication 

One of the primary advantages of leveraging technology in active assailant preparedness is the ability to facilitate real-time communication. During an incident, every second counts, and the ability to disseminate information swiftly can be the difference between safety and chaos. Technology solutions, such as mass notification systems, mobile alerts, and integrated communication platforms, enable organizations to send immediate alerts and updates to all affected individuals, regardless of their location. 

Types of technology systems being deployed 

Organizations are deploying a range of technology systems to enhance their active assailant preparedness. These include: 

1. Mass notification systems: these systems allow for the rapid dissemination of alerts and instructions to employees via multiple channels, including text messages, emails, and mobile apps. 
2. Emergency communications platforms: such platforms provide a centralized hub for coordinating and managing communications during an incident, ensuring that all stakeholders receive consistent and accurate information. 
3. Surveillance and monitoring tools: advanced surveillance systems equipped with AI capabilities can detect unusual activities and trigger alerts, enabling a swift response to potential threats. 
4. Access control systems: these systems enhance security by regulating entry and exit points, allowing for quick lockdowns and controlled evacuations. 

Benefits of real-time alerts 

The implementation of real-time alert systems offers several benefits: 

• Increased situational awareness: real-time alerts ensure that employees are immediately aware of an ongoing situation, allowing them to take appropriate actions to ensure their safety. 
• Coordinated response: With instant communication, response teams can coordinate their efforts more effectively, streamlining decision-making and response strategies. 
• Reduced panic and confusion: Timely and clear communication reduces panic among employees, providing them with the guidance needed to remain calm and follow established protocols. 

Challenges and solutions 

Despite the clear advantages, organizations face challenges in implementing and maintaining these technology solutions. Communication issues remain a top concern, with security professionals identifying real-time updates, sending alerts, and making quick decisions as key hurdles during active assailant incidents. However, nearly 70% of security professionals have already deployed technology solutions to address these challenges, indicating a growing recognition of the importance of technological integration. 

Next steps 

As organizations navigate the complexities of active assailant preparedness, technology stands out as a vital component in enhancing their capabilities. Everbridge has partnered with ASIS to survey around 700 security professionals to establish benchmark data on how the training, the tools, and the approach to active assailant preparedness has evolved. We consolidated our findings into the 2024 active assailant preparedness report which you can download here: 

As the landscape of active assailant threats evolves, staying ahead with cutting-edge technology will be crucial for effective preparedness and peace of mind.