CyberattacksCyberattack could cost $120 billion: Lloyd’s

Insurance giant Lloyd’s of London has warned that the cost of a serious cyberattack to the global economy could reach $120 billion or more – which was the cost of damage inflicted by Hurricanes Katrina or Sandy.

The 56-page report from the world’s oldest insurance firm says the threat posed by global cyberattacks has spiraled, and that it poses a huge risk over the next decade to business and governments everywhere.

The report says that the most likely cyberattack scenario is a hack which manages to shut down a cloud service provider. The insurer estimates the losses resulting from such an attack to be $53 billion. This is the average estimate. There are uncertainties involved in calculating cyber losses, so Lloyd’s provides a range of possible losses — as high as $121 billion or as low as $15 billion.

The Guardian notes that if the losses are around the upper end, they would exceed the damage cvasued by Hurricane Katrina in 2005, estimated at $108 billion (including $80 billion of insured losses). Hurricane Sandy in 2012 is estimated to have caused economic losses of $50 billion to $70 billion.

Inga Beale, chief executive of Lloyd’s, said: “This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber-threat reality,” she said.

The second-most likely threat scenario involves attacks on computer operating systems, which are operated by a large number of businesses around the world. Such an attack could result in losses of up to $28.7 billion (the report calls this the “mass software vulnerability scenario”).

Lloyd’s notes that the majority of these losses are not insured, leaving governments and businesses vulnerable. The uninsured gap could be as high as $45 billion for the cloud services scenario, and $26bn for the mass vulnerability scenario, Lloyd’s says.

Trevor Maynard, Lloyd’s head of innovation and co-author of the report with the cybersecurity firm Cyence, said the global cyberattack in May “showed us that these sorts of attacks are absolutely possible.” Financial services are most at risk, followed by software and technology, hospitality, retail, and healthcare.

Cyber cover is a relatively new type of insurance. The field has grown over the last few years, and Lloyds’s accounts for about a quarter of global cyber insurance premiums.

The firm’s analysts say that it is much more difficult to model and understand the cover and costs of cyberattacks than the cover and costs of natural catastrophe.

Where people are involved, risk changes quite rapidly, Maynard said, from cyberattacks to terrorism and political risk. Climate change, however, remains the biggest challenge in the long run.

“From year to year, risk varies relatively little but climate change in the end will be far larger as a risk,” he said. “It affects the global economic structure, food, water. [It’s like] trying to turn a supertanker around – we can’t start in thirty years when things are going bad, we have to start now.”

— Read more in Counting the cost: Cyber exposure decoded (Lloyd’s of London, 10 July 2017)