A major, global cyber attack could trigger an average of $US53 billion ($68 billion) of economic losses, Lloyd’s of London said on Monday.
The figure is on par with a catastrophic natural disaster such as US Superstorm Sandy in 2012 and more than five times the cost recorded for the devastating 2011 Queensland floods.
Government goes on cyber offense
Cyber crime costs about a billion dollars a year so the government has announced a plan to disrupt organised offshore cyber criminals.
A Lloyd’s report, co-written with risk-modelling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems run by businesses worldwide.
Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance. A lack of historical data on which insurers can base assumptions is a key challenge.
“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London chief executive Inga Beale told Reuters.
Economic costs in the hypothetical cloud provider attack dwarf the $US8 billion global cost of the “WannaCry” ransomware attack in May, which spread to more than 100 countries, according to Cyence.
Economic costs typically include business interruptions and computer repairs.
Lloyd’s general representative in Australia, Chris Mackinnon, said the implications for Australian businesses were huge.
The so-called Petya attacks were reminiscent of the earlier WannaCry.
“Businesses today are interconnected by digital technology and services, meaning a single cyber event can cause a severe impact across an economy, triggering multiple claims and dramatically increasing insurers’ claims costs,” Mr Mackinnon said in a statement.
“This report gives us a real sense of the extent of damage a single, extreme cyber-attack could cause. An attack of that magnitude could create losses bigger than of some of Australia’s worst natural disasters combined.”
The 2011 Queensland floods cost an estimated $14.1 billion. Photo: Nic Walker
The 2009 Black Saturday bushfires in Victoria cost an estimated $7 billion, while the 2011 Queensland floods cost $14.1 billion and the 1989 Newcastle earthquake cost $18.7 billion, Lloyd’s said.
The Lloyd’s report follows a US government warning to industrial firms about a hacking campaign targeting the nuclear and energy sectors.
In June, an attack of a virus dubbed “NotPetya” spread from infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupted activity at ports, law firms and factories.
“NotPetya” caused $US850 million in economic costs, Cyence said.
In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers inserted malicious code into a cloud provider’s software that was designed to trigger system crashes among users a year later.
By then, the malware would have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses.
Average economic losses caused by such a disruption could range from $US4.6 billion to $US53 billion for large to extreme events. But actual losses could be as high as $US121 billion, the report said.
As much as $US45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said.
Average losses for a scenario involving a hacking of operating systems ranged from $US9.7 billion to $US28.7 billion.
Lloyd’s had a 20 to 25 per cent share of the $US2.5 billion cyber insurance market, Ms Beale said in June.
Reuters with BusinessDay