Global cyber-attack could reportedly cost around $53 billion, or even worse

Yolanda Curtis
July 17, 2017

Published two months after a ransomware cyberattack that hobbled National Health Service hospitals and hit almost 100 countries, a 56-page report from the world's oldest insurance market says the threat posed by such global attacks has spiraled and poses a huge risk to business and governments over the next decade.

The insurance market players co-wrote a report with risk-modelling company Cyence that put together a hypothetical situation in which cloud service companies and businesses' computer operating systems become victims of a major cyberattack. But those losses could also go as high as $121.4 billion or as low as $15.6 billion depending on the organization and its response.

Under the cloud service provider hack scenario, the report finds that average economic losses range from $4.6 billion for a large event to $53.1 billion for an extreme event.

The report comes two months after the WannaCry ransomware attack that disrupted NHS services and spread to more than 100 countries, and the more recent NotPetya malware that damaged the computer systems of a number of major companies internationally.

As much as £34 billion of that total cost may not be covered by cyber insurance policies, as many companies are underinsuring their systems, according to the report, seen by Reuters. "Because cyber is virtual, it is such a hard task to understand how it will accumulate in a big event", Lloyd's of London Chief Executive Inga Beale said.

Lloyds said underwriters should ensure their premium calculations keep pace with the reality of such costly threats.

In the mass software vulnerability scenario, the average losses range from $9.7bn for a large event to US$28.7bn for an extreme event.

She continued: "We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence". The underinsurance gap could be as high as Dollars 26 billion for the mass vulnerability scenario - meaning that just 7 percent of economic losses are covered. This compares with the economic losses of Sandy that amount to between $50bn and $70bn. "Insurers could benefit from thinking about cyber cover in these terms and make explicit allowance for aggregating cyber-related catastrophes".

Arvind Parthasarathi, CEO, Cyence, said: "Cyence is excited to be working with Lloyds on empowering the insurance industry to understand and model cyber risk".

Other reports by iNewsToday