The recent WannaCry and NotPetya cyber attacks portend the extent and scope of the economic havoc these threats can wreak. Lloyd’s of London along with cyber risk analytics firm, Cyence, in fact, recently issued a report saying that a global cyber attack could trigger an average of $53 billion of economic losses. This figure represents nearly the cost of Super Storm Sandy, which hit the East Coast in 2012, and caused an estimated $62 billion in economic loss.
The report, “Counting the cost: Cyber exposure decoded”, reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of $53 billion, and attacks on computer operating systems run by a large number of businesses around the world which could cause losses of $28.7 billion.
In 2016, according to the Lloyd’s-Cyence report, cyber attacks were estimated to cost businesses as much as $450 billion a year globally. These cost typically include business interruption and computer repairs. But it’s not hard to see that a single massive attack spread globally can aggregate to an economic loss similar to natural catastrophe losses. Economic costs in the hypothetical cloud provider attack by Lloyd’s-Cyence dwarf the $8 billion global cost of the WannaCry ransomware attack in May, which spread to more than 100 countries. NotPetya, which spread from infections in Ukraine to businesses around the globe, rendered systems inoperable and disrupted activity at ports, law firms and factories, causing $850 million in economic costs.
In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers inserted malicious code into a cloud provider’s software designed to trigger system crashes among users a year later. The malware would by then have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses. Average economic losses caused by such a disruption could range from $4.6 billion to $53 billion for large to extreme events. But actual losses could be as high as $121 billion, according to the report.
“This report gives a real sense of the scale of damage a cyber attack could cause the global economy,” said Inga Beale, CEO of Lloyd’s. “Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs. Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality.”
The report goes on to say that while insurers are increasingly securing more cyber coverage for policyholders and helping them manage cyber events – everything from individual breaches caused by malicious insiders and hackers, to wider losses such as breaches of retail point-of-sale devices and ransomware attacks – the threat of cyber is increasing and is expected to continue to do so as the world economy continues to digitize operations, supply chains and businesses transactions, as well as employee and customer services. The challenge for insurers is to gain a deeper of understanding of the cyber-risk liability and aggregation to forecast the potential for widespread losses and price coverage accordingly.
For instance, the report cites that in some other insurance classes insurers’ understanding of liability and risk aggregation is more developed. “It is widely accepted, for example, that natural catastrophes can trigger multiple claims from multiple policyholders, dramatically increasing insurers’ claims costs. Natural catastrophe insurance policies usually take this into account and reinsurance is commonly used to reduce the impact of risk aggregation.” The report’s findings suggest economic losses from cyber events have the potential to be as large as those caused by major hurricanes. “Insurers could benefit from thinking about cyber cover in these terms and make explicit allowance for aggregating cyber-related catastrophes. To achieve this, data collection and quality is important, especially as cyber risks are constantly changing.”
About Roanoke Underwriting
Roanoke Underwriting serves the commercial marine insurance and customs bond needs of agents and brokers throughout North America working with supply chain risks and logistics service providers. For more information about our products, please contact us at 1.855.213.4545.