Did you miss a session from GamesBeat Summit Next 2022? All sessions are now available for viewing in our on-demand library. Click here to start watching.
(Reuters) — A major, global cyber attack could trigger an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as U.S. Superstorm Sandy in 2012, Lloyd’s of London said in a report on Monday.
The report, co-written with risk-modeling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems run by businesses worldwide.
Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance. A lack of historical data on which insurers can base assumptions is a key challenge.
“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London Chief Executive Inga Beale told Reuters.
Intelligent Security Summit
Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.
Economic costs in the hypothetical cloud provider attack dwarf the $8 billion global cost of the “WannaCry” ransomware attack in May, which spread to more than 100 countries, according to Cyence.
Economic costs typically include business interruptions and computer repairs.
The Lloyd’s report follows a U.S. government warning to industrial firms about a hacking campaign targeting the nuclear and energy sectors.
In June, an attack of a virus dubbed “NotPetya” spread from infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupted activity at ports, law firms and factories.
“NotPetya” caused $850 million in economic costs, Cyence said.
In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers inserted malicious code into a cloud provider’s software that was designed to trigger system crashes among users a year later.
By then, the malware would have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses.
Average economic losses caused by such a disruption could range from $4.6 billion to $53 billion for large to extreme events. But actual losses could be as high as $121 billion, the report said.
As much as $45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said.
Average losses for a scenario involving a hacking of operating systems ranged from $9.7 billion to $28.7 billion.
Lloyd’s has a 20 percent to 25 percent share of the $2.5 billion cyber insurance market, Beale said in June.
(Reporting by Suzanne Barlyn; Additional reporting by Jim Finkle.)
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.