Facebook has been in the hot seat since it came to light that personal data on as many 87 million users, mostly in the US, had been improperly acquired by Cambridge Analytica for use in the presidential campaign of Donald J. Trump. CEO Mark Zuckerberg acknowledged as well that “malicious” outsiders may have accessed profiles of most of his 2 billion users. In the wake of Facebook’s enormous cyber-lapse, Congress investigated, users fled, and its stock plummeted—the makings of a genuine company disaster.
But cybersecurity—or the lack thereof—is just the latest source of catastrophic risk, with a flurry of data breaches in recent months exposing consumer records across a wide swath of business firms, non-profit organizations, and government agencies. Cyber risk joins terrorism, financial crises, and natural disasters in disrupting the operations of many.
Some disruptions are global. The subprime mortgage meltdown in 2008 in the US became toxic for financial institutions everywhere. The Fukushima reactor meltdown in Japan in 2011 shut auto suppliers that in turn closed car assembly around the world.
“Whatever the disasters’ causes, firms can and should…
