There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made. A power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources.
All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.
For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing critical data on the bus. These aren't nefarious acts, but they can still have serious consequences. Have you looked at how you might wipe clean a lost phone? What about the person who forgot to do a backup the day before a server failed?
Another area where human error can occur is a technical oversight. Perhaps an overworked tech who did not recognize the existence of a single point of failure in your IT infrastructure.