lolloj - Fotolia

Global cyber attack could cost up to $120bn, warns Lloyd’s

A global cyber attack could have a similar economic impact as a natural disaster such as Hurricane Katrina, according to the world’s oldest insurance market

Global cyber attacks pose a huge risk to businesses and governments, resulting in average economic losses of between $4.6bn and $53bn, according to a 56-page report by Lloyd’s of London.

It calculated the economic impact of such an attack in collaboration with risk-modelling firm Cyence based on the hypothetical hacking of a cloud service provider.

Under this scenario, attackers push malicious code into a cloud provider’s software that is designed to cause system crashes in operating systems used by businesses around the world in a year’s time.

By that time, the malware would have spread among the cloud provider’s customers, causing all to lose income and incur other expenses, pushing actual losses as high as $121bn, the report said.

In comparison, the official cost of Hurricane Katrina in 2005 was $108bn, although unofficial estimates put the cost as high as $250bn. The official cost of Hurricane Sandy in 2012 was $50bn. 

The WannaCry ransomware attack in May 2017 and Petya a month later have raised fears about future global cyber attacks and their potential economic impact, particularly on financial services firms, followed by software and technology, hospitality, retail and healthcare.

In response to the impact of WannaCry on NHS trusts and the Caldicott review of data security in the healthcare sector, the UK government has announced that it will boost investment in NHS data and cyber security above the £50m identified in the Spending Review to address key structural weaknesses, such as unsupported systems.

An initial £21m of capital funding will be targeted at strengthening the cyber resilience of major trauma sites as an immediate priority, and improving NHS Digital’s national monitoring and response capabilities.

Read more about cyber insurance

Inga Beale, chief executive of Lloyd’s, said the report provides “a real sense” of the scale of damage a cyber attack could cause the global economy, according to The Guardian.

Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, triggering multiple claims and dramatically increasing insurers’ claims costs, said Beale.

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality,” she said.

According to Lloyd’s, cyber insurance cover is more difficult to model and understand than natural catastrophe cover.

“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Beale told Reuters.

In June 2017, Lloyd’s had a 20-25% share of the $2.5bn cyber insurance market, she said.

According to the report, in the worst-case scenario of a global cyber attack costing up to $121bn, as much as $45bn of that sum may not be covered by cyber policies because of companies underinsuring.

Under the hypothetical scenario, average losses resulting from operating systems crashing around the world ranged from $9.7bn to $28.7bn, with as much as $26bn not covered by insurance, the report said.

Read more on Hackers and cybercrime prevention