For decades, business continuity planning has meant preparing for abnormal events such as hurricanes, floods, tornadoes or regional power outages. In anticipation of these rare disasters, IT teams created playbooks, ran annual tests, crossed their fingers and hoped they never had to use them.
In recent years, an even more persistent threat has emerged. Cyber incidents, especially ransomwareToday they are more common – and often more destructive – than physical disasters. According to a recent survey of more than 500 CISOs, almost three quarters (72%) said their organization dealt with ransomware in the past year. Earlier in 2025, the rate of ransomware attacks on enterprises reached record heights.
Mark Vaughn, senior director of the virtualization practice at Presidio, has witnessed this trend first-hand. “When I speak at conferences, I ask those present: “How many people have been affected?” Disaster recovery usually requires multiple people,” he says. “But just over a year ago, I asked how many people in the room had been affected by ransomware, and two-thirds of their hands easily went up.”
This content was created by Insights, the content creation division of MIT Technology Review. It was not written by the editors of MIT Technology Review.
This content was researched, developed and written by writers, editors, analysts and illustrators. This includes writing surveys and collecting survey data. The AI tools that could be used were limited to secondary manufacturing processes that had undergone extensive human testing.
