Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than $120bn (£92bn) – as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy.
Published two months after a ransomware cyber-attack that hobbled NHS hospitals and hit nearly 100 countries, a 56-page report from the world’s oldest insurance market says the threat posed by such global attacks has spiralled and poses a huge risk to business and governments over the next decade.
The most likely scenario is a malicious hack that takes down a cloud service provider with estimated losses of $53bn, according to Lloyd’s. This is the average estimate, but because of the uncertainty around calculating cyber losses it estimates the figure could be as high as $121bn or as low as $15bn.
At the upper end, the cost would outstrip the damage wreaked by Hurricane Katrina in 2005, estimated at $108bn (including $80bn of insured losses). Hurricane Sandy in 2012 is estimated to have caused economic losses of $50bn-$70bn.
Inga Beale, chief executive of Lloyd’s, said: “This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.
“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber-threat reality,” she said.
The second-most likely threat stems from attacks on computer operating systems run by a large number of businesses around the world, which could cause losses of up to $28.7bn (the “mass software vulnerability scenario”).
The majority of these losses are not insured, leaving governments and businesses vulnerable if cyber-attacks happen. The uninsured gap could be as high as $45bn for the cloud services scenario, and $26bn for the mass vulnerability scenario.
Trevor Maynard, Lloyd’s head of innovation and co-author of the report with the cybersecurity firm Cyence, said the global cyberattack in May “showed us that these sorts of attacks are absolutely possible”. Financial services is most at risk, followed by software and technology, hospitality, retail and healthcare.
Source: The Guardian