Minimize Outage Risk and Improve Response. Welcome to the “Resiliency Bow Tie.”

In an era defined by surging electricity demand and an escalating threat landscape, utilities face pressures more intense than ever. Population growth, electrification, digitalization and climate volatility have converged into an elevated threat matrix, with the risk of outages and service disruptions increasing at an accelerated pace.

For example, some predict that power demand in major European countries could increase by as much as 7 percent per year until 2030, after two decades of relative stagnation. In addition, cyberattacks are on the rise, with Europe recording the highest increase in cyberattacks against critical infrastructure in Q2 2025 at 22 percent. In the U.S., electricity consumption is on track for another record year, with power demand expected to rise to 4,189 billion kilowatt-hours (kWh) in 2025 and 4,278 billion kWh in 2026.

Under these conditions, utilities can’t afford to rely on decades-old playbooks or ad hoc approaches to resilience. They need an integrated approach to minimize risks and increase resiliency for every type of hazard and threat.

Welcome to the Resiliency Bow Tie.

Designed by TRC after years of client collaboration and engagement, the Bow Tie approach gives utilities a strategic framework to anticipate and respond to unexpected events, ensuring reliable service delivery.

An Era of Compounded Risk

Reducing outage risk and improving resilience has never been more daunting for utility leaders. Safe, reliable service is impacted by multiple variables, from aging assets to intensifying storms, cyber threats and increasing customer expectations. These multifaceted, deeply intertwined dynamics demand a new level of coordination, transparency and innovation.

Utilities are grappling with an aging and increasingly stressed infrastructure landscape. Aging substation equipment, lines and transformers, which are often decades past their intended lifespan, introduce constant vulnerabilities. Even well-intentioned upgrades can themselves disrupt operations, highlighting the delicate balance between maintenance and risk. Moreover, the complexity of networks, with interdependencies between physical, IT and OT systems, creates numerous points of potential failure.

Climate change and extreme weather events are shifting risk profiles at a pace that outstrips traditional planning. The frequency and severity of hurricanes, floods, wildfires, and heatwaves are pushing operations and recovery teams to their limits.

In parallel, the digital transformation of utilities has created both opportunity and exposure. As utilities adopt automation, data analytics and interconnectivity, the risk of cyberattacks, often driven by artificial intelligence, has increased exponentially. With an estimated 2,200 cyberattacks globally every day in 2025, and with the energy sector accounting for a rising share of incidents, the margin for error is slim.

Regulatory, business and public scrutiny are also intensifying. Stakeholders demand transparency, systematic prioritization, and defensible investments—but too often competing viewpoints and priorities slow progress. The tension between cost constraints and the need for redundancy or hardening strategies (such as undergrounding circuits versus floodproofing or automation) can lead to impasses rather than action.

Internally, organizational inertia, siloed communication and insufficient documentation of vulnerabilities hinder agility. Lessons from past failures can be quickly forgotten if not systematically reviewed and integrated into planning. The lack of standards for risk assessment leads to inconsistent—and sometimes ineffective—decision-making. Ultimately, every utility finds itself at a different stage in the resilience journey, but all face a common imperative: adapt continually, while balancing risk, cost and reliability.

Challenges include:

  • Aging infrastructure increases vulnerability while upgrades risk new disruptions.
  • Extreme weather and climate events are more frequent and costly, with unprecedented consequences for grid reliability.
  • Cyber and physical threats are proliferating as the digital footprint of utilities continues to expand.
  • Stakeholder alignment and standardized risk prioritization are challenging to achieve.
  • Organizational silos, unclear documentation, and inertia impede coordinated, evidence-based resilience planning.

Resilience Demands a New Framework

Modern utilities require innovative solutions. The Resiliency Bow Tie provides an integrated, proactive approach to risk management that combines technical expertise, business strategy and clear accountability. It provides decision-makers with an effective means to guide collaboration and planning throughout the entire life cycle of risk, from cause to consequence and from investment to recovery.

Specifically, the Resiliency Bow Tie is a visual risk assessment model that places the critical event (for example, a major outage) at the center of a “bow tie” diagram. On the left side, all potential threats and vulnerabilities, such as physical failures, internal risks and cyber-attacks, are systematically mapped, along with every possible pathway to the central event. On the right, the framework tracks all the resulting consequences as well as the post-event controls that can reduce the duration and severity of disruption.

The elegance of the Resiliency Bow Tie lies in its ability to force structured thinking: it requires teams to document pre-event investments and mitigations (physical improvements, automation, cyber protection, redundancies) alongside post-event recovery and restoration strategies (emergency response, IT/OT backup, skilled personnel deployment). The result is a complete lifecycle picture that supports clear prioritization, resource allocation and communication.

TRC designed the Resiliency Bow Tie approach in response to repeated calls from industry leaders for a more transparent, reproducible and scalable approach to resilience. Working closely with utilities worldwide revealed common pain points, including reactive decision-making, ad hoc investment and a disconnect between business and technical priorities.

TRC analyzed major outage events, including those triggered by aging assets, extreme weather or internal errors, to identify event pathways and decision gaps that are frequently overlooked. As a result, the company created a strategic model to cultivate mitigation, preparedness and response capabilities for potential threats and disasters. This enables organizations to adopt robust, flexible tools and tactics that leverage people, processes and technology. The core elements serve as a living risk roadmap, guiding resilience planning, investment decisions and continuous improvement.

Core elements of the Resiliency Bow Tie include:

  • Event Mapping: Identify and analyze the “top event” (outage or disruption) and systematically enumerate all realistic threats, from equipment failures to floods, fires or cyber breaches.
  • Pre-Event Investments: Catalog all actions that can reduce the likelihood or impact of an event, including asset upgrades, automation, system hardening and IT/OT system redundancy, and identify residual risk.
  • Post-Event Controls: Map out restoration strategies, including backup power, incident command structure (ICS), mutual aid contracts, response plans and communication protocols based on residual risk analysis.
  • Standardized Prioritization: Quantify risk and value, prioritize investments based on benefit-to-cost ratio, and document decisions to ensure transparency and prudence.
  • Continuous Improvement: Integrate new learnings from real events, functional exercises and industry experiences. The Bow Tie is not a one-time exercise—it evolves as organizational needs and goals change.
