Over 20 million user accounts of the hacked popular audio streaming site Mixcloud is now reportedly being sold on the dark web. Pixabay

One of the biggest stories last year was the rise in both the frequency and impact of digital and natural disasters. Cyber attacks like the WannaCry and NotPetya ransomware crippled organizations across the world. Hurricanes devastated the Caribbean, Florida and Texas. Wildfires burned in California, Washington and Oregon. And if predictions are right, it’s only going to get worse.

Last year was one of the costliest for natural disasters ever. Hurricane Irma resulted in the closure of hundreds of Florida businesses, from amusement parks to cruises, and cost them $83 billion in property damage and lost revenue. Tropical Storm Harvey, which hamstrung Houston for weeks, could cost as much as $190 billion.

Cyber attacks can be as disruptive and expensive as natural disasters. Some estimates predicted the cost of ransomware attacks in 2017 alone would exceed $5 billion.

Cyber Threats vs. Natural Disasters

The World Economic Forum (WEF) recently ranked the “Global Risks of Highest Concern for Doing Business” as part of its Global Risks Report 2018. Cyber attacks rank at number 8, while extreme weather events and natural catastrophes come in at 18 and 19, respectively. Extreme weather events and natural disasters were both more likely and more impactful than cyber attacks, but all three rank among the most likely and most destructive events.

When you ask the IT and security professionals themselves, their priorities are clear. According to a Qualtrics survey of 375 business leaders on disaster recovery (DR), 74 percent said they consider a data breach, hack or cyber attack a greater business risk than a natural disaster.

Ranking their concerns, 34 percent listed cyber attacks as their top concern (and 55 percent listed it as one of their top three concerns). Cyber disasters are quickly becoming the 21 st century disaster. But while cyber threats keep them up at night, more experienced a natural disaster (23 percent) than a cyber attack (19 percent), the survey found.

What Does the Future Hold? (Spoiler: More of the Same)

The WEF report notes that cyber attacks against businesses have almost doubled in five years. In 2017, WannaCry infected more than 300,000 computers in 150 countries, with potential damage estimated at $4 billion. NotPetya cost organizations hundreds of millions of dollars.

Businesses are likely to remain vulnerable to these kinds of attacks, with awareness being one obstacle. A separate Qualtrics survey of 510 IT decision-makers on cybersecurity found that 15 percent of respondents thought WannaCry was not a known cyber attack, while 14 percent thought the same of NotPetya. Some 43 percent of respondents also admitted to clicking on a link or opening an attachment in a phishing email.

The WEF report also notes that 20.4 billion internet of things (IoT) devices will be online in 2020 — up from 8.7 billion last year. That gives hackers more targets and makes possible more damaging and expensive attacks given the larger attack surface. Nearly half — 46 percent — of organizations are slowing their deployment of IoT devices because of recent cyber threats, the Qualtrics cybersecurity survey found.

At the same time, the 2017 hurricane season is part of a larger trend toward extreme weather events with increasingly expensive recoveries, the WEF report notes. The WEF suggests that hurricanes, wildfires, floods, mudslides and other weather patterns will only grow more frequent in coming years.

It’s for this reason that businesses need to take action. In the end, many organizations will learn their lesson the hard way, rethinking their disaster plans only after being hit with a cyber attack or natural disaster. The most resilient organizations, however, will continually re-evaluate their plan, test for effectiveness and prepare for whatever disaster might come.

Joseph George serves as vice president of global recovery services product management at Sungard AS.