Losses from a major global cyber attack could be on the scale of a major natural catastrophe such as Superstorm Sandy, according to a new report from Lloyd’s and cyber risk firm Cyence.
Estimating losses from two different cyber attack scenarios, the report said a sophisticated and malicious hack that takes down a cloud service provider could cause losses totalling $53bn, putting it within the $50bn to $70bn economic loss range of 2012’s Sandy. In a worst-case scenario, losses could reach $121bn, the report warns.
The report – Counting The Cost: Cyber Exposure Decoded – reveals that a global attack on the computing systems of multiple businesses could cause economic losses of $28.7bn. Lloyd’s adds that the bulk of economic loses from a large-scale cyber attack are not currently insured, with an insurance gap of tens of billions of dollars. Lloyd’s notes that demand for cyber insurance is increasing, but warns the insurance industry to incorporate such scenarios in underwriting and pricing.
Inga Beale, CEO of Lloyd’s, commented: “This report gives a real sense of the scale of damage a cyber attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs. Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality.
“We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures, so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence.”
The cloud service cyber attack scenario puts average economic losses at between $4.6bn and $53bn, but uncertainty in formulating an aggregated figure means losses could be as high as $121bn. Insured losses would fall in the range of $620m to $8.1bn for an extreme event, leaving an uninsured gap of up to $45bn for the cloud services scenario.
Under the global attack on software scenario, which envisages cyber criminals accessing vulnerabilities in computer software used by 45% of the global market, average economic losses are forecast at between $9.7bn and $28.7bn, with insurance covering just 7% of losses at between $762m and $2.1bn. The report notes that such a scenario would create an insurance gap of up to $26bn.