The new year is only a few weeks old, but even in such a short amount of time, a number of significant crises and disasters have already affected millions of people around the world.
On January 1, at 3:15 AM local time, a man drove a vehicle into a crowd of people on Bourbon Street in New Orleans, Louisiana, killing 10 and injuring dozens more. At time of publication, authorities are investigating the incident as a terror attack.
On January 7, an earthquake shook the Tibet Autonomous Region of China, measuring between 6.8 (as per the China Earthquake Networks Center) to 7.1 (as per the US Geological Survey) in magnitude. At time of publication, at least 126 deaths and 338 injuries have been attributed to the quake, as well as damage to over 27,000 buildings and the total loss of at least 3,600 homes.
On January 13, the Eindhoven University of Technology — widely regarded as a “feeder” university for Dutch chip and semiconductor company ASML — identified “suspicious activity” on its servers during the previous weekend that bore “all the hallmarks of a cyberattack.” The school turned off its network and suspended classes until at least January 20, pushing back January exams for its more than 13,000 students and 4,000 staff members. While a breach was detected, at time of publication it remains unclear if any data theft occurred.
And these are just a few of the different types of critical events that have happened so far.
Let’s look deeper at the top critical events and security threats that can affect your organization in 2025, as well as how, in spite of potential dangers, you can strengthen your resiliency.
1. IT outages
In our increasingly digitalized world, we rely more every day on the flawless functionality of information and communication technology in our personal and professional lives. So when an IT outage occurs with the potential to take one or several systems offline, the results can be costly — and the largest and most costly IT outage in recorded history only occurred last year.
In July 2024, a global cybersecurity company with high-profile clients — at the time, almost 60% of companies listed in the Fortune 500 — released an update to its software that caused over 8.5 million Windows-based systems to crash at once. Even worse, a significant number of these systems could not be restarted remotely, requiring manual resets in order to get back online.
Even though the update was only live for slightly longer than an hour, the estimated loss from the event is staggering. Over 5,000 flights were cancelled, stranding passengers across at least five continents. One major American airline company estimated that it racked up financial losses of close to $500 million for the five days after the update was issued.
Other industries were also disrupted in a myriad of ways, ranging across finance, media, healthcare, and more. A large number of hospitals cancelled or delayed non-emergency surgeries and procedures. The city of Portland, Oregon declared a city emergency, and websites for a number of government bodies, such as the House of Representatives of the Philippines, became inaccessible.
The total financial loss for this outage is estimated to total at $5.4 billion, an average of over $143 million in loss per affected company.
2. Data breaches
As we rely more on digital technology each year, for everything from personal communication and work to travel and leisure, we send more of our personally identifiable information (PII) into an expanding digital ecosystem.
But with this trend, there has been a corresponding rise in the number of bad actors who work to gain unauthorized access to these secure digital spaces and capture our PII in order to sell or exploit it for personal gain. These data breaches expose millions of individuals to many types of fraud or other malfeasance, and can be equally devastating for targeted organizations.
In April 2024, a hacker breached the secure systems of a large data brokerage, making off with as many as 2.9 billion personal data records, including an estimated 272 million Social Security numbers and 600 million phone numbers. In the following months, the company was the subject of multiple class-action lawsuits, and eventually filed for bankruptcy in October. After that filing was rejected, the company permanently closed its doors just last month.
In the healthcare industry, the number of data breaches affecting 500 or more personal health records has more than doubled in the last eight years, according to The HIPAA Journal. And while the number of such breaches in 2024 did fall from the year before — 703 last year, down from 747 in 2023 — the total number of individual records breached actually went up by 9.4%, totalling at 184,111,469 and making 2024 the worst year on record for such activity.
3. Ransomware attacks and other cybercrime
With the continuous increase in data breaches comes an increase in ransomware attacks, a type of cybercrime where malware is deployed that can either steal data or disrupt a device or system and hold it hostage until a ransom demand is met, typically large sums of money.
Due to factors like increasing digitalization, increasing interconnectedness among third-party IT providers, and overall corporate consolidation activity, some organizations have become so massive — while remaining exposed to ransomware attacks — that they feel they have no recourse but to cave to cybercriminals’ demands and pay these hefty ransoms. And yet, this not only fails to resolve the organization’s underlying security vulnerabilities, but it incentivizes hackers and drives up the likelihood of a future ransomware attack even more.
In February 2024, a major global healthcare payment processing company that handles 15 billion medical claims annually was the victim of a ransomware attack that sent its systems offline. This created a massive backlog of unprocessed and unpaid claims, created cashflow issues for medical providers and hospitals, and most importantly, disrupted the delivery of care for patients at all levels of need.
As of Q3 2024, the company estimated its total costs for the breach at $2.9 billion, not including the predicted costs of future efforts to earn back lost clients and restore public confidence in its risk management and cybersecurity operations.
Another reason ransomware remains a top critical threat in 2025 is that some hackers have built infrastructure to promote and support the sale of ransomware to others — in other words, industrializing it into ransomware-as-a-service (RaaS). By essentially licensing and distributing harmful malware, these hackers have increased the incentive to develop such software and applied a multiplicative factor to the overall number of ransomware attacks we can expect.
4. Critical infrastructure disruption and attacks
Because so many people rely on the critical infrastructure that supports the core functionality of society, such as transportation, water and power utilities, and internet service, even a minor disruption can have damaging and costly systemwide effects that ripple out into other industries. And in 2025, the facilities and services that support this foundational societal architecture have become even bigger targets of cybercriminals seeking to do harm.
On March 26, 2024, a Singaporean container ship suffered a severe power outage and collided with the Francis Scott Key Bridge. The bridge stretched across one of the busiest shipping routes in the US, connecting the Atlantic Ocean to the Port of Baltimore, which handled roughly $80 billion worth of foreign cargo in 2023 alone.
With the support of the US government in cooperation with its international partners, the bridge is estimated to be rebuilt by the fall of 2028. The estimated cost of reconstruction is between $1.7 and $1.9 billion dollars, but the overall toll for every affected individual and industry is far greater. Not only did six people die in the collapse, but commuters needed to find new routes to cross the Chesapeake Bay, and organizations needed resilience plans to reroute both their incoming supply-chain resources and outgoing commercial wares.
Additionally, cybercriminals have developed new malicious tools to attack industrial systems supporting critical infrastructure, such as programmable logic controllers (PLCs) designed to infiltrate the web- and browser-based technology that has come into greater use at these facilities in recent years. This malware enables hackers to assume control of onsite devices and physical processes, and can even resurrect itself if hardware or controls are reset or replaced.
Thankfully, distributed systems professionals are aware of this vulnerability and are actively developing workable solutions, but it’s only one of a number of increasing security risks that make these incredibly vital facilities into targets for damage and loss.
5. Natural disasters and other extreme weather events
As global temperature averages continue to rise year after year, the world continues to experience natural disasters of increasing magnitude and other extreme weather events. This meteorological trend tests our global infrastructure’s ability to sustain liveable conditions in the most highly affected regions, as well as the limits of operational resilience for organizations during such emergencies, and shows no sign of slowing down.
In the US, 2024 saw more severe weather and climate disasters whose cost of damage amounted to at least $1 billion than the average of the three previous years. From 2020 to 2024, the average number of weather and climate disasters costing $1 billion or more is nearly 10 more events per year than that of the previous decade, from 2010 to 2019.
And 2025 has already delivered some highly destructive climate events. On January 7, more than a dozen wildfires broke out in greater Los Angeles, with the Pacific Palisades and Eaton Canyon areas sustaining the most damage at more than 10,000 acres burned apiece and a total of over 1,000 structures destroyed. A week later, high winds were predicted in the area again, capable of spreading still-burning fires to new areas or starting new fires.
As this is an ongoing situation, cost estimates have fluctuated, anywhere from $30 billion for insurers to between $200 billion and $250 billion for the total cost of emergency services, property damage and loss, and recovery costs. But the emotional toll of such large-scale devastation will be felt by the region for decades.
6. Wars and other armed conflicts
As political tempers flare, wars and other armed conflicts continue to disrupt daily life for millions of individuals in affected regions around the world. While clashes over ownership of disputed land or other natural resources are not new, their relative unpredictability presents challenges for organizations seeking to bolster their operational risk management and operational resilience programs to ensure business continuity during times of war.
The best example of the long-term effects of armed conflict on organizational resilience is the ongoing war between Russia and Ukraine. While Russia had previously ignited conflict in sovereign Ukrainian territory as far back as 2014, it wasn’t until its full-scale invasion in February 2022 that the economic impacts were fully felt, by both countries as well as their allies and trading partners — and the accompanying humanitarian crisis drastically altered the region.
Ukraine has long been thought of as the “breadbasket of the world” due to its rich and plentiful grain crops, typically exported to many countries and regions. But once war broke out, Ukraine’s ability to produce grain was severely hindered, severely reducing grain exports and driving up the cost of grain in Europe and other regions due to its more limited supply.
Due to the war, overall economic growth in Ukraine for 2022 was estimated to have fallen as sharply as 45%. In addition to shifting to a “war economy,” the country has sustained over $100 billion in infrastructural damage across all sectors, with housing topping the list at an estimated $56 billion in loss estimated between February 2022 and December 2023.
In Russia, a combination of economic sanctions and credit rating reductions caused the local stock market, best represented by the RTS Index, to fall up to 39%. Many of Russia’s key trading partners withdrew their investments from cooperative ventures, and as many as 300,000 younger working Russian professionals participated in a mass emigration to neighboring countries. As most of these Russian nationals are tech workers and specialists, observers have labelled the shift a “brain drain,” hampering prospective technical innovation in the country.
7. Public health disasters
It goes without saying that the outbreak of the COVID-19 pandemic in 2020 had a significant and life-altering effect on nearly everyone in the world. But it also caused every organization to thoroughly review their risk management and operational resilience plans, if not develop new ones, in the event of such a public health crisis, especially one as widespread and easily transmissible as COVID.
Thankfully, most public health disasters are far less impactful than COVID — but this is no cause for a lapse in preparedness. For example, the US is currently experiencing an outbreak of bird flu (or H5N1), beginning in wild poultry populations and spreading to other species and groups.
At time of publication, the Centers for Disease Control (CDC) reports that the virus is confirmed to have made the leap to dairy cattle, affecting as many as 36 herds in California alone. It has also been sporadically detected in poultry flocks, and has exhibited the zoonotic capacity to infect humans, resulting in 67 confirmed cases, including one confirmed death at time of publication.
Apart from the health and safety of animal and human populations, the outbreak has affected the availability and cost of staple foods like milk and eggs. Losses in dairy cattle herd populations has caused a drop in milk production, although the FDA has evaluated that due to pasteurization, milk and milk products remain safe for consumption.
Despite that poultry flocks have only experienced sporadic outbreaks of bird flu, any significant loss in egg-laying hen populations will have an outsized effect on the cost of eggs per dozen, which is already recovering from a 2022 spike due to inflation and other factors. This can have downstream effects for any small- or large-scale food business that relies on eggs as a staple ingredient in its production processes, from corner diners to frozen dinners.
8. Physical security incidents
Physical security incidents refer to any event that affects the physical safety and security of your personnel, facilities, or other operational assets.
Events that qualify as physical security incidents can vary in a number of ways, such as whether or not they are small or large in scale, natural or manmade in origin, or happen on purpose or by accident. So even though an earthquake and an act of vandalism differ from each other by every evaluative attribute, they are both considered physical security incidents.
Because physical security incidents can vary so broadly, the most important factor of your physical security operation, from risk management to crisis communication and emergency management, is flexibility. The more flexibly your security apparatus can respond to a sudden or ongoing physical incident, the higher the likelihood that your organization can maintain safety, minimize loss, and mitigate risk while actively navigating through the event.
Take an integrated approach to threats in the year ahead
As we lean into 2025, critical events and security threats continue to present opportunities for sudden and severe impacts on your organization’s readiness and resilience. While some of these types of threats are hard or even impossible to predict, the most thorough and flexible crisis management, security, and resilience plans should be designed to help your organization handle events in any of these categories.
That’s why an integrated approach to resilience is always the best approach — and Noggin’s integrated resilience platform helps you plan and execute custom responses to critical events and security threats to mitigate risk and maintain safety.
With Noggin, you can thoroughly assess and anticipate risk both within and outside your organization, efficiently manage disruptions, resolve issues of safety and security during emergencies or crises, and strengthen your overall resilience strategy with thorough reviews after events have passed.
Even better, you can request a demo of Noggin today and start planning for tomorrow.
.svg)
.svg)
.svg)