{"id":13555,"date":"2026-05-22T20:45:15","date_gmt":"2026-05-22T20:45:15","guid":{"rendered":"https:\/\/smart-team.io\/infraestructura-digital-y-riesgo-sistemico\/"},"modified":"2026-05-27T17:22:57","modified_gmt":"2026-05-27T17:22:57","slug":"digital-infrastructure-and-systemic-risk","status":"publish","type":"post","link":"https:\/\/smart-team.io\/en\/digital-infrastructure-and-systemic-risk\/","title":{"rendered":"Digital Infrastructure and Systemic Risk: The ITU-UNDRR Report on the Fragility of Interconnected Systems"},"content":{"rendered":"

89% of digital disruptions originate not from the initial failure but from cascading effects across interdependent systems. The new joint report from ITU, UNDRR and Sciences Po provides the first systematic mapping of the physical risk vectors threatening global operational continuity.<\/strong><\/p>\n

Digital Dependence as Structural Vulnerability<\/h2>\n

In May 2026, the International Telecommunication Union (ITU), the United Nations Office for Disaster Risk Reduction (UNDRR) and Sciences Po published “When Digital Systems Fail: The Hidden Risks of Our Digital World”<\/a><\/em>, a report developed by twelve senior experts mapping the physical vulnerabilities of global digital infrastructure across three domains: the Earth’s surface, the seabed, and space.<\/p>\n

The report’s starting point is an uncomfortable but documented observation: modern societies have built a deep dependence on digital systems without ensuring the existence of operational analogue fallbacks or governance frameworks capable of managing failures at systemic scale. The disruptions analysed \u2014 from submarine cable cuts to solar electromagnetic disturbances \u2014 have already generated cascading effects that simultaneously impacted critical services across multiple sectors.<\/p>\n

The document arrives at a moment when enterprise cybersecurity agendas are dominated by deliberate threat actors \u2014 ransomware, state-sponsored attacks, AI-enabled fraud \u2014 while the risks of unintentional, physically-originated disruption receive disproportionately less attention in business continuity planning.<\/p>\n

Key Findings<\/h2>\n
    \n
  1. The cascade effect is the rule, not the exception.<\/strong> Up to 89% of studied digital disruptions do not originate from the initial failure but from chained effects on adjacent and interdependent systems. The number of people affected can be up to ten times higher than those initially exposed to the original incident.<\/li>\n
  2. Three systematically underestimated physical risk layers.<\/strong> The report maps threats at the Earth’s surface (extreme weather events, power grid failures), on the seabed (submarine cable cuts carrying more than 95% of international data traffic), and in space (solar storms, communications satellite disruptions).<\/li>\n
  3. Loss of analogue competencies as an organisational risk.<\/strong> Accelerated digital transition has eroded organisations’ capacity to operate without connectivity. The absence of analogue backup systems \u2014 from manual procedures to alternative communication infrastructures \u2014 converts manageable interruptions into wider-scale crises.<\/li>\n
  4. Space and submarine infrastructure: the planning blind spot.<\/strong> Only 9% of cybersecurity executives surveyed in the WEF Global Cybersecurity Outlook 2026<\/a>\u00a0identified space technologies as a relevant cybersecurity impact factor. The ITU report identifies this deficit as an urgent governance gap.<\/li>\n
  5. Six-priority preparedness roadmap.<\/strong> Deepen vulnerability and interdependency knowledge, modernise legal risk management frameworks, strengthen standards and backup systems, improve multi-sector coordination on high-impact risks, build societal and organisational resilience, and foster cross-border trust and collaboration.<\/li>\n<\/ol>\n

    \"Origin<\/p>\n

    Chart 1 \u2014 Origin of digital disruptions. Source: ITU-UNDRR-Sciences Po (2026)<\/em><\/p>\n

    What Changes for Organizations<\/h2>\n

    Operational Management and Continuity<\/h3>\n

    Organisations managing distributed operations have progressively shifted coordination to digital systems \u2014 from production planning to supplier management. This transition expands operational capabilities while introducing dependencies on infrastructure whose systemic fragility is rarely assessed with the same rigour applied to deliberate threats.<\/p>\n

    The report compels a review of Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) from a broader perspective than is currently standard. Most organisations’ failure scenarios focus on deliberate cyberattacks or localised hardware failures. The ITU-UNDRR analysis adds physically-originated disruption scenarios \u2014 meteorological, geomagnetic, underwater seismic \u2014 whose statistical probability is comparable to that of cyberattacks but whose cascading impact can have greater territorial and temporal reach.<\/p>\n

    Competitive Positioning<\/h3>\n

    The publication of this report creates a genuine opportunity for organisations that wish to differentiate themselves in terms of operational resilience. Building architectures with geographic redundancy, maintaining degraded-mode operating capabilities, and documenting analogue contingency procedures are not high-cost measures relative to the risks they mitigate.<\/p>\n

    The risk of inaction is equally clear. Companies that do not incorporate these vectors into their risk assessments are exposed to disruptions they will, by definition, not have anticipated. In B2B environments where contracts include service-level agreements (SLA) and penalty clauses, an unplanned interruption \u2014 whatever its technical or physical origin \u2014 can have significant legal and commercial consequences.<\/p>\n

    \"Amplification<\/p>\n

    Chart 2 \u2014 Amplification factor of disruption impact. Source: ITU-UNDRR-Sciences Po (2026)<\/em><\/p>\n

    Context and Comparative Perspective<\/h2>\n

    The ITU-UNDRR report is published in a context where attention to digital risks is polarised towards deliberate threats. The WEF Global Cybersecurity Outlook 2026<\/a>, published in January, documents that 94% of cybersecurity executives identify AI as the primary driver of change in the threat landscape, and that 64% of organisations now assess the security of their AI tools \u2014 double the figure from 2025.<\/p>\n

    This concentrated focus on AI as a threat vector, while legitimate, can create a blind spot in risk management. The ITU report serves as a necessary counterweight: it reminds us that the digital risk surface includes physical layers that do not respond to the same mitigation frameworks as cyberattacks. Submarine cables, satellite ground stations, data centres in seismic zones or areas exposed to extreme weather \u2014 these are critical infrastructures whose vulnerability cannot be managed solely from a Security Operations Center (SOC).<\/p>\n

    At the sectoral level, the WEF Technology Convergence report<\/a>, published on 28 April, similarly notes that the integration of physical and digital technologies \u2014 characteristic of Industry 4.0 \u2014 simultaneously expands operational capabilities and the surface of exposure to systemic risk. Both reports point to the same conclusion: digital resilience in industrial environments requires risk management that operates across both the logical and physical layers of infrastructure.<\/p>\n

    \"CISOs<\/p>\n

    Chart 3 \u2014 CISOs identifying space infrastructure risk. Source: WEF Global Cybersecurity Outlook 2026<\/em><\/p>\n

    Key Recommendations and Best Practices<\/h2>\n
      \n
    1. Update critical dependency mapping.<\/strong> Identify which operational processes and services depend on external digital infrastructure \u2014 connectivity, cloud, third-party services \u2014 and map their dependency chains down to the physical infrastructure provider level. Explicitly ask providers about their contingency plans for submarine cable interruptions or space weather events.<\/li>\n
    2. Include physical disruption scenarios in business continuity exercises.<\/strong> BCPs and DRPs must address unintentional, geographically broad disruption scenarios, not only localised failures or deliberate attacks. Simulation exercises should include prolonged connectivity degradation scenarios.<\/li>\n
    3. Review and document analogue operating procedures.<\/strong> For critical processes \u2014 production, logistics, order management \u2014 maintain documented procedures enabling operation without connectivity for defined periods. The erosion of these capabilities is one of the most undervalued risks identified in the report.<\/li>\n
    4. Require physical infrastructure transparency from cloud and connectivity providers.<\/strong> Beyond standard compliance certifications, request information on data centre physical locations, connectivity routes and contingency plans for force majeure events of physical origin.<\/li>\n
    5. Align with the insurance sector on systemic digital risk coverage.<\/strong> The ITU-UNDRR report explicitly recommends updating legal and risk management frameworks to treat unintentional digital disruptions as an insurable risk comparable to natural disasters. This is the moment to review cyber-risk policies with this extended scope.<\/li>\n<\/ol>\n

      \"Physical<\/p>\n

      Chart 4 \u2014 Physical risk coverage in BCPs. Based on ITU-UNDRR 2026 framework<\/em><\/p>\n

      Conclusions<\/h2>\n

      “When Digital Systems Fail”<\/a>\u00a0is not a speculative prospective document. It is an evidence-based analysis that identifies a systematic gap in digital risk management: the underestimation of physical interruption vectors and the cascading effects they generate. For industrial and B2B enterprises, the message is operational: digital resilience cannot be reduced to conventional cybersecurity. It requires risk management that covers the entire dependency chain \u2014 from internal processes to the global physical infrastructure on which they run.<\/p>\n<\/div><\/div><\/div>

      Contents in this article<\/h3><\/div>
      <\/div><\/div><\/div><\/div>

      Ready to acquire customers<\/span>
      \nin the AI \u200b\u200bEra?<\/p><\/h3><\/div>

      We conduct an in-depth analysis of your presence in AI and tell you what opportunities you’re missing.<\/p>\n<\/div>

      Request your audit<\/span><\/a><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

      The joint report by the ITU, UNDRR, and Sciences Po, published in May 2026, documents that most digital disruptions do not stem from an initial failure but rather from cascading effects on interdependent systems. The analysis maps three systematically underestimated layers of physical risk\u2014land, seabed, and space\u2014and identifies the loss of analog skills as an emerging organizational vulnerability. For industrial and B2B companies, the report implies a thorough review of business continuity plans that extends beyond conventional cybersecurity.<\/p>\n","protected":false},"author":2,"featured_media":13556,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[117],"tags":[],"class_list":["post-13555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-consultancy-en"],"_links":{"self":[{"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/posts\/13555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/comments?post=13555"}],"version-history":[{"count":4,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/posts\/13555\/revisions"}],"predecessor-version":[{"id":13583,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/posts\/13555\/revisions\/13583"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/media\/13556"}],"wp:attachment":[{"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/media?parent=13555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/categories?post=13555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smart-team.io\/en\/wp-json\/wp\/v2\/tags?post=13555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}