When a strong earthquake occurred on Russia’s eastern coast on 30 July, tsunami alerts went out from Japan to California. The 8.8 quake, one of the strongest this decade, followed other large ones in Myanmar and Taiwan. Earthquakes this powerful are not just destructive on the ground…they can also shake the digital systems that people need daily.
Natural disasters can really cause damage to necessary infrastructure such as power grids, mobile networks and data centres. The moment these systems stop working, the things that protect against hacking and data breaches may also stop. This then makes it easier for attackers to slip through gaps that would normally be closed.
During a disaster, communication is so so important. But when phone lines and internet connections fail, emergency workers and government departments can struggle to share accurate information quickly. That confusion can make it easier for hackers to cause more damage. Scammers may even impersonate relief organisations to steal money or private data through fake messages.
What Happens To Data During Disasters?
Floods, fires and earthquakes can physically destroy servers and data centres. If there are no backups stored safely in other locations, years of records can vanish in an instant. This can affect hospitals, banks, schools, or even police services trying to respond to the disaster.
There is also the question of money. When organisations have to spend large sums repairing buildings and restoring electricity, cybersecurity often drops down the list. Yet this delay can leave systems exposed for longer, especially when hackers know there is less protection in place.
Supply chains also come under pressure because a factory damaged in one part of the world, for example, can slow production everywhere. These disruptions make it harder to track goods and detect fraud, and can also reveal weak points in digital networks that link suppliers together.
Experts Share: How Can Startups Help?
We’ve asked experts how startups can protect essential infrastructure in the wake of natural disasters. This is what they think…
Mark Edgeworth, CEO, Hicomply
“Start-ups bring agility that’s often lacking in traditional providers. They can rapidly innovate, adapt to new threat environments, and deploy tailored solutions at speed. This is a critical advantage when physical and digital infrastructure is under simultaneous pressure. But to have meaningful impact, they must operate within supportive ecosystems that promote risk-taking and enable rapid scaling.
“For example, in the UK, policy shifts like the forthcoming Cyber Security and Resilience Bill and initiatives such as the Regulatory Innovation Office are creating the conditions for scale-ups to thrive. Investment in regional tech clusters and sovereign cybersecurity capabilities is helping start-ups stay close to infrastructure needs while reducing reliance on complex international supply chains.
“But this isn’t just about national strategy. Globally, we need to think beyond compliance and look to control, stability, and long-term security. Cybersecurity start-ups that embrace this moment by innovating fast, collaborating across borders, and focusing on resilience over reaction.
“In turn, start-ups need to be embraced, encouraged and apportioned the correct recognition – and, crucially, investment – as they carve out their place within disaster response.”
More from News
- Project Europe Reveals Six Startups to be Included in the Organisation’s First Cohort
- ChatGPT Leaks Private Chats On Google
- Comp AI Secures $2.6M Pre-Seed to Disrupt SOC 2 Market
- Experts Share: How Will The Rise Of AI Call Centres Impact Entry Level Jobs?
- Air Traffic Fault Causes Delays Across UK, Here’s Why
- Google Signs EU AI Code Of Practice, Here’s What That Means
- Saudi Arabia Invests $6 Billion In Syria: Why Should This Investment Strategy Matter to UK and European Founders?
- London Landlords Hit Affordability Wall as Northern Rents Surge Ahead
Adam Seamons, Head of Information Security, GRC International Group
“The real problem in a disaster is that security often gets ignored. People focus on speed, access, and recovery. Security becomes a ‘nice-to-have’. That’s the real risk.
“This is why systems need to fail secure, not just fail safe. It’s not enough for things to keep running. They have to stay secure even when everything else is falling apart.
“Startups can help by building tools that:
“Work under pressure without relying on users to remember the secure way
“Have security built in from the start (encryption, access controls, audit logs)
Keep working even when connectivity is patchy or central systems are down
“Rely on proper load balancing and redundancy so you don’t end up with a single point of failure at the worst possible time, proactive SPoF prevention at the design phase often pays off.
“Good disaster tooling assumes people will take shortcuts. Great tooling assumes infrastructure will fail too. If your product still protects the business when both happen, you’re doing it right.”
Niels Hofmans, Head of Security and IT, Intigriti
“If a startup is following a compliance standard framework such as ISO27001 or NIS2, they should already be taking natural disasters into account. Starting from ISO27001:2022, global warming has to be taken into consideration in your risk assessment.
“Your businessYour business continuity policy should then detail what the potential damage could be to your daily business operations (from incident to disaster), and then reflected in your Disaster Recovery Policy.
“Going cloud-based shifts a lot of the responsibility to the cloud provider. And surprise: they’re quite good at running the infrastructure for you.
“But the same best practices apply as any other architecture; there is a distinction between zones and regions. A zone could be one or more data centers, and if you don’t design your infrastructure to allow for zonal failures, you could still see the impact of natural disasters.
“Allow for architectural flexibility, both from a physical perspective and a software perspective. Let the cloud provider do the heavy lifting for you as much as possible, and design around their standards.
“The context of natural disasters could also be abused by threat actors to target startups. What we saw with COVID-19 was a lot of targeted spear phishing attacks.”
