On the World Economic Forum’s (WEF) list of things businesses around the world should be on the lookout for this year, cyberattacks took third place, following natural disasters at number two, and extreme weather events at the top.

WEF’s 80-page Global Risks Report compiles risks to global business compiled with the help of business, government, academic, and other stakeholders around the world. The entire list of hazards include the collapse of governments, poor urban planning, and the spread of disease or the collapse of infrastructure.

Read also: Cyber security a growing threat to small and medium sized businesses

But according to the document, it is primarily technology and nature that businesses should be worried about.

Fourth place was also a technological threat: data fraud or theft.

North American businesses are far from being digital ready. The report’s authors write:

Risk management starts with identifying and estimating the probability and impact of a given threat. We can then decide whether a risk falls within our tolerance limits and how to react to reduce the risk or at least our exposure to it. Time and again, however, individuals and organizations stumble during this process — for example, failing to respond to obvious but neglected high-impact “grey rhino” risks while scrambling to identify “black swan” events that, by definition, are not predictable.

It is strategic identification and preparation for a likely threat that businesses need to do. “Too often board and C-suites approach risk analysis as a standalone activity to be ticked off a list, but then fall short on mitigating the risks that their analysis has identified,” the writers continue.

“Organizations must do better in educating teams on risk awareness. Think of an employee derailing cybersecurity plans by inadvertently clicking on a phishing email because not enough was done to spread risk awareness from the C-suite to the wider organization.”

This rings especially true considering that there were several high-profile U.S. data breaches in 2017 because employees were lured in by phishing scams.

Read the full report here.