The FINANCIAL -- A major global cyber-attack has the potential to trigger $53 billion of economic losses, roughly the equivalent to a catastrophic natural disaster like 2012’s Superstorm Sandy, according to a scenario described in new research by Lloyd’s, the world’s specialist insurance market, and Cyence, one of the leading cyber risk analytics modelling firms.
The report, “Counting the cost: Cyber exposure decoded”, reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of $53 billion, and attacks on computer operating systems run by a large number of businesses around the world which could cause losses of $28.7 billion. By comparison, Superstorm Sandy, the second costliest tropical cyclone on record, is generally considered to have caused economic losses between $50 billion and $70 billion.
The findings also reveal that, while demand for cyber insurance is increasing, the majority of these losses are not currently insured, leaving an insurance gap of tens of billions of dollars.
Inga Beale, CEO of Lloyd’s, said:
“This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs. Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality.
“We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence.”
For the cloud service disruption scenario in the report, average economic losses range from US$4.6 billion from a large event to $53 billion for an extreme event. This is the average in the scenario, because of the uncertainty around aggregating cyber losses this figure could be as high as $121 billion or as low as $15 billion. Meanwhile, average insured losses range from US$620 million for a large loss to US$8.1 billion for an extreme loss.
In the mass software vulnerability scenario, the average losses range from US$9.7 billion for a large event to US$28.7 billion for an extreme event. And the average insured losses range from US$762 million to US$2.1 billion.
The uninsured gap could be as much as $45 billion for the cloud services scenario – meaning that less than a fifth (17%) of the economic losses are actually covered by insurance. The insurance gap could be as high as $26 billion for the mass vulnerability scenario – meaning that just 7% of economic losses are covered.
Lloyd’s worked with Cyence to collect data at internet scale to model cyber risk and evaluate the financial, economic and insurance impact of these scenarios.
Arvind Parthasarathi, CEO of Cyence, added:
“Cyence is excited to be working with Lloyds on empowering the insurance industry to understand and model cyber risk. Leveraging Cyence’s unique cyber risk platform, we’re excited to see insurers providing more capacity, bringing innovative products to market with greater confidence and creating a more robust and sustainable insurance market.”