When the world's at stake,
go beyond the headlines.

In 2024, Tom Johansmeyer wrote “Why Natural Catastrophes Will Always Be Worse than Cyber Catastrophes,” where he laid to rest beliefs that cyber security disasters cause more widespread damage than natural disasters, putting the rush to focus on cyber issues into perspective for the reader. A year later, we asked him to revisit his argument based on new data from both cyber and natural disasters. Image: Master Sgt. Michel Sauret via DVIDSIn your 2024 article, “Why Natural Catastrophes Will Always Be Worse Than Cyber Catastrophes,” you argue that the economic destructive power of natural disasters outweighs that of cyber attacks. With new data from recent disasters, advancing adversary cyber capabilities, and increasing digitization of critical infrastructure, does that gap in impact still hold — and is the potential for cyber losses growing steeper?New data has only made the gap more lopsided. Since my article was published, I was able to add economic losses from four more cyber catastrophe events: MOVEit, CDK, Change Healthcare, and Crowdstrike. Together, they amounted to $8-10 billion in aggregate economic loss across 2023 and 2024. Economic losses from natural disasters reached $280 billion in 2023 alone — and reached $318 billion in 2024.Source: AuthorThe potential for economic losses from cyber attacks to grow is to be expected as long as the value of economic activity transacted via or supported by the cyber domain and attendant technology grows. That said, the potential for major systemic event losses appears to be limited.As I mentioned in the original article, reversibility represents a natural constraint on cyber catastrophe economic losses. Let’s reconsider the example I gave — Hurricane Ida. Not only were there tens of thousands of physical repair points, but in a post-disaster environment, even reaching those individual locations can be difficult. It may be necessary to remove debris and address physical