Aside from the obvious security risks (such as fake news, fake cures, snake oil sales, malware, phishing etc), there needs to be a thoroughly tested BCP plan in place. Any organisation who hasn’t at least tested theirs fully yet is asking for trouble. How do you know something works when you need it if you haven’t tested it properly ?