Years ago when I got involved in what was then called “Business Assurance Planning”, the top threats to sustain business operations were fire, power outage, and natural disasters like floods, bad weather, earthquake. All of the contingency planning centered around finding another location work out of and making sure IT systems were backed up with copies stored off site. Then Y2K brought awareness of the vulnerabilities of all the IT systems we rely upon, even in the absence of a natural disaster, and we started to think about how we would operate if our IT systems stopped functioning.