Asia-Pacific, Climate change, Development and aid, Environment, Featured, Global, Headlines, Sustainable development goals, TerraViva United Nations
Opinion
The effects of Typhoon Odette in Lapu-Lapu City, Cebu, Philippines, 2021. Credit: Unsplash/Carl Kho
– Communities worldwide are increasingly exposed to overlapping threats. Extreme weather conditions, health emergencies and cyberattacks are occurring more frequently and simultaneously, and often interact in ways that amplify risks and overload response systems.
Experts describe this as a polycrisis, where threats converge, creating a complex pressure point for governments, businesses and communities.
Today, a polycrisis is brewing at the intersection of climate change and cybersecurity. The World Economic Forum’s latest Global Risks Report ranks extreme weather and natural disasters among the top global threats, while risks linked to digital and artificial intelligence have moved up the list.
Over the next decade these environmental and technological hazards are expected to dominate, underscoring how deeply intertwined they have become.
Asia and the Pacific are increasingly becoming a focus of these twin threats. The most disaster-prone region in the world, it faced the highest number of disasters and deaths in 2023, with 66 million people affected and annual losses reaching an estimated $780 billion. At the same time, the region has become the new ground zero for cybercrime, driven by rapid digital transformation during and after the pandemic.
In 2024, it accounted for more than a third of all global cyber incidents, including approximately 135,000 ransomware attacks in Southeast Asia alone, costing the region an average of $3.05 million per attack. The Philippines, Indonesia and Vietnam were among the worst affected.
Asia’s geographic exposure and rapid digital growth have turned its climate vulnerability into a growing cyber vulnerability, especially in critical infrastructure and information systems.
As essential services, including health, communications and energy, rely on digital networks, weather-induced disruptions such as typhoons and floods can force systems to resort to manual solutions or less secure channels, creating opportunities for digital breaches at the worst possible time.
The 9.1 magnitude earthquake and tsunami that hit Japan in 2011 provided a glimpse into the interconnected risks between climate and cyber. In the weeks after the earthquake, cybercriminals took advantage of the chaos with phishing and malware schemes disguised as disaster relief efforts, stealing data and hindering recovery.
So far, cases in the region have largely involved natural hazards, but climate change is intensifying these events, increasing their frequency and severity and putting sustained pressure on digital infrastructure, which in turn creates more opportunities for cyber attacks.
Some researchers suggest that, contrary to prevailing beliefs, climate change is expected to increase the frequency and severity of earthquakes and volcanic eruptions, as well as other extreme weather events, and all of these events have been linked to spikes in cyber incidents.
Research shows that the likelihood of cyberattacks increases dramatically during natural disasters as defensive systems and attention are compromised. In the United States, for example, government agencies and researchers have warned the public about the increase in digital threats, including scams in the wake of hurricanes and wildfires, demonstrating how climate hazards can create opportunities for malicious actors.
When these vulnerabilities are exploited, response and recovery efforts can be paralyzed at a time when they are needed most.
This convergence of vulnerabilities changes the nature of disaster risk. The United Nations Office for Disaster Risk Reduction now includes cyber threats in its hazard taxonomies because connectivity losses and cyber incidents reshape exposure and coping capacity. Treating these threats separately leaves significant gaps in preparedness and response.
Across the Caribbean, interest in the convergence between climate and cyber has increased, with governments and partners conducting assessments, dialogues and scenario planning to strengthen shared resilience and ensure that physical and digital systems can withstand compounded crises. In Europe, researchers are drawing lessons from environmental law to inform and strengthen cybersecurity policies.
Given these global developments, it is worrying that the recent COP30 focused heavily on how technology can support climate adaptation, but paid less attention to how the same systems become vulnerable during climate-induced shocks.
Even more worrying is that Asia and the Pacific, despite being highly exposed to both disasters and cyber risks, have not yet shown the same level of integrated response or public alarm seen elsewhere.
The region has strong frameworks for climate and disaster resilience under the Sendai Framework for Disaster Risk Reduction, implemented through regional action plans, financing mechanisms and cooperation programs.
At the same time, ASEAN and its partners have cybersecurity policy guidelines covering digital governance, data management and responding to cross-border cyber threats. However, these pathways operate largely in parallel, missing opportunities for integration.
The reports highlight gaps in the way climate and cyber risks are managed and funded. Agencies still work in silos, with little joint analysis or shared data, and insufficient tools, funding and capacity to manage combined climate and cyber risks.
Asia and the Pacific have the institutions and expertise to respond, but what is missing is a mindset that treats climate and cyber threats as if they are interconnected. As climate extremes and cyberattacks accelerate, the region cannot continue fighting on two fronts with divided defenses.
Building climate-cyber resilience in the region requires integrated planning, strengthened continuity systems and regional cooperation.
First, joint climate and cyber assessments and exercises are needed to identify interdependent failures and strengthen coordinated response.
Second, critical services need robust backups, diversified connectivity, and proven recovery plans that anticipate physical damage to digital infrastructure, ensuring continuity even during disasters.
Third, financing and cooperation should harmonize reporting on composite events, require safeguards and create pooled insurance, supported by development banks and donors.
The convergence of climate and cyber risks is changing the nature of crises around the world. Future disasters are likely to involve multiple interacting shocks rather than isolated events. As this reality enters discussions at platforms such as Davos and ASEAN 2026, the focus is on the Asia-Pacific region to promote integrated resilience as a policy priority. Delaying action will only worsen the impacts and put many more lives and futures at risk.
This article was originally published online on Devpolicy Blog. The blog is managed from the Development Policy Center located at the Australian National University’s Crawford School of Public Policy.
Anne Cortez is a knowledge and communications consultant for the climate and health portfolio of the Asian Development Bank. He also advises the APAC Cybersecurity Fund, an initiative of The Asia Foundation, on strategic communications and policy priorities. Learn more about his work here.
IPS UN Office
$images_for_story = ips_images_for_story(); echo $images_for_story; // story photos to display in sidebar ?>
