Disaster Recovery Journal Spring 2024

When a Data Disaster Strikes, What’s Next? By ERIC HERZOG D isaster recovery is not only about natural disasters. In today’s intermingling of physical and digital worlds, “data disasters” have arisen with the potential to bring enterprises across all indus tries to their knees. Data is among the most valuable assets of an enterprise, but it is also the target of cyber criminals who are intent on creating human-generated or AI-generated “disas ters” that wreak havoc, distract leaders, and incur the most harm possible. A cyberattack, such as a ransomware attack which takes all of the enterprise’s data “hostage” for ransom, is now deemed a disaster on par with a Category 5 hur ricane in terms of operational disruption, business impact, and harmful conse quences. In the 2023 Fortune 500, CEO cyber security was cited by CEOs as the No. 2 threat to their companies. This kind of disaster threatens to shut down the

business for days or weeks, cause costly damage and confusion, and send leaders and staff scrambling to get the business back up and running. Data-related “disasters” are a signifi cant problem. This year cyberattacks are expected to cost enterprises about $8 trillion worldwide. Cyberattacks are dis rupting operations so extensively that enterprises are assembling multidisci plinary teams to develop strategies and policies to respond to these data disasters. These cyberattacks can be so pervasive and damaging that the U.S. Securities and Exchange Commission is requiring pub licly traded companies to file public docu mentation when hit with a cyber incident. What should an enterprise do when a data disaster hits? How does an enterprise ensure business continuity amid a major data disaster? How is recovery from a data disaster similar and different than recov ery from a natural disaster?

DISASTER RECOVERY JOURNAL | SPRING 2024 39