Cyber-attacks could cost the global economy £40 billion
A major global cyber-attack could cost the worldwide economy £40 billion, with the damage being akin to a catastrophic natural disaster, according to a report by Lloyd’s of London.
As much as £34 billion of that total cost may not be covered by cyber-insurance policies, as many companies are underinsuring their systems, according to the report, seen by Reuters.
It is estimated that a major hack of cloud service providers and global business systems would significantly dwarf the extensive damage caused by the WannaCry attack, which resulted in a cost of roughly £6 billion globally.
The report estimated that the hit on the economy from such an event could land between $15 billion (£11 billion) and $121 billion (£93 billion) – a wide range that the authors blamed on a lack of historical precedence and quantifiable data, leaving the insurers with a challenge as they tried to accurately forecast the potential fallout of a widespread cyber-attack. However, when they ran tests they found the sum could cost between £11 billion and £40 billion ($53 billion).
“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” said Lloyd’s of London chief executive Inga Beale, speaking to Reuters.
As was the case with the WannaCry and NotPetya ransomware attacks this year, the real economic cost is likely to come from network downtime, supply-chain disruption and system repairs.
The report, which was co-written by risk analysis firm Cyence, found that the NotPetya ransomware, which spread from Ukraine to businesses around the world, caused $850 million’s worth of damage to the world economy.
In a modelling test, hackers were able to install malware on the systems of a cloud service provider, which would then lay dormant for a year before triggering. By that time, the malware could have easily spread among the provider’s customers, including financial institutions and small businesses, the report claimed, resulting in widespread losses.
Average losses for a test that involved the hacking of operating systems were between £7.4 billion and £21 billion, according to the underwriter’s report.
Insurance firm CFC Underwriting said last December that cyber-insurance claims were exceeding one per day, up almost 78% on 2015. SMBs with revenues below £50 million were some of the worst affected, the company said, with almost half involving a data breach and financial loss of some kind.
Risk-management firm Aon found that companies around the world were deciding to forego taking out cyber insurance earlier this year, leaving them unable to deal with the effect of recent ransomware attacks. Almost nine in ten of the world’s cyber-insurance policies are held by US companies alone, Aon has stated.