I don’t know anything about operations management, securitization, etc. What’s the difference between these two? Also, I work for a very large HW company, and we’re locked down. From my point-of-view “operations” just works. What does this look like for a small not-in-computers company? Like, how could the Seattle Public Library have secured itself from ransomware with a turnkey, reasonably priced solution?

At a high level, disaster recovery can often be "how do we get back to the way we were doing business?" A BCP is "what do we do if the way we did business before is not an option?"

So in this case, a DR plan might be "how do we restore our CDK data if something important gets deleted?" A BCP might be "what do we do if CDK no longer exists?"

DR: bring IT services back online.

BCP: keep the business running, possibly without using IT.

The BCP is what you execute while the DRP is in process.

If you have a BCP with no DRP you're probably going to survive, painfully.

If you have a DRP and no BCP the company may be dead before the disaster is recovered.