Dear Daniel,
Thanks for your question.
David Simchi-Levi REI enables to focus on mitigation efforts on the risk drivers and risk areas. It was developed for identifying the risk drivers in the supply-chain network (SCM) and was successfully implemented at Ford Motor Company. Recently, UNISDR published a paper using REI on 2011 Thailand flood, which impacted the industrial sector including the automotive and electronics industries to a great extent and whole economy. This paper itself demonstrate that REI can be beneficial in other areas.
Regarding you question about being it standard, only time would tell as the future study emerge on its applications.
Yes, cyber-attacks could also be a mega-threat like a natural hazards in terms of their economic impact, albeit, different in their impact and occurrence mechanism. A natural hazard like earthquake can not be stopped while a cyber-attack could be stopped by having proper fire-walls in place, a constant vigil, isolating and triplicating the key servers at different geographies and identifying and plugging the areas of weaknesses in the networks.
I hope, this answers your question.