Depending on the reach and scope of a catastrophe, it is possible for large amounts of sensitive information, including personally identifiable information and corporate intellectual property, to lose their physical protection and become easily accessible, as when blowing around in a hurricane or floating in flood waters. While the chances of misuse may be lower because the access to the information was not premeditated, there is still a danger of inappropriate disclosure and misuse. Consideration must be given to forms of storage that can withstand wind trauma, explosions, floods, and the like.
It is possible that both primary and secondary information storage and processing facilities are destroyed by the same catastrophic event. This happened in the terrorist destruction of the World Trade Center and in post-Katrina New Orleans. In such situations it is difficult or impossible to recover or reconstruct the information. Consideration must be given to storing critical information out-of-region or “in the cloud.”
Backup sites might become unusable, unavailable, or unreachable as the result of a catastrophe. I know of at least one such example. If you recall, airlines grounded their planes for about a week after 9-11 in order to put in place some additional security capabilities so that passengers would be willing to fly. During that week there was a major storm in Florida and a particular company declared a disaster. Their backup facility was in Chicago, but there were no flights. They ended up having to go via road, delaying their recovery by several days.