Disaster Recovery Journal Summer 2025

Cyberattacks: An Unnatural Disaster By JOHN WILSON T his morning, my local San Francisco Bay Area news asked a familiar question: Did you feel it? There was a magnitude 3.9 earthquake a few miles east of me. No, I didn’t feel the tiny quake, but the news reminded me that a more significant shaker could strike at any time. As I watched the news while sip ping my morning coffee, my wife brought me a letter that had arrived the night before. It was another all-too-familiar bit of news: My name, address, and driver’s license number had been leaked in a data breach. There are many parallels between natural disasters and cyberattacks. For example, both can shut down your busi ness by disrupting your supply chain,

preventing you from processing orders due to IT outages, or severing business critical lines of communication. Natural disasters can be categorized by the amount of warning available before they strike. Earthquakes typi cally occur with no warning. Tornadoes and wildfires usually give potential victims a few minutes to evacuate or take shelter. Hurricanes and volca noes generally provide several days of preparation time. At first glance, cyberattacks would seem to fall into the “earthquake” category. After all, cyberattacks seemingly occur without warning, right? The reality is more nuanced. A distributed denial-of-service (DDoS) attack—such as the one that impacted X on March 10—likely does fall into the earthquake category. Any company can be the victim of a DDoS attack at

DISASTER RECOVERY JOURNAL | SUMMER 2025 21