Hurricane Katrina at peak intensity in the Gulf of Mexico on 28 August 2005
To put that into some sort of context, Hurricane Katrina – the costliest natural disaster in US history, no less – caused $108bn worth of property damage.
Lloyds of London, the world’s oldest insurer, has published a 56-page report that reveals how the potential cost of cyber-attacks has spiralled in recent years.
A malicious hack that takes down a cloud service provider is cited the most likely scenario, with estimated losses ranging from $15bn to $121bn, with the average being $53bn.
“This report gives a real sense of the scale of damage a cyber-attack could cause the global economy,” said Lloyds CEO Inga Beale. “Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.
“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber-threat reality.”
With average potential losses of $28.7bn, the next-most likely attack, according to Lloyds’ research, is the breach of computer operating systems run by a huge number of organisations around the globe.
Many such losses would not be insured. Lloyds has identified an uninsured gap – of $45bn in the cloud services setting and $26bn for the latter scenario – that makes the prospect of such attacks more alarming still.
As for the most vulnerable sectors, financial services tops the rankings in terms of vulnerability, followed by software and technology, hospitality and retail. After that comes healthcare, in which the consequences could be especially grave.
The NHS was hit by a ransomware attack recently. A recent white paper from the US-based Institute for Critical Infrastructure Technology (ICIT) concluded that the healthcare sector is the most vulnerable and least equipped to defend against hackers. Last year we published an infographic detailing the rise of healthcare hacks and advice on how to secure data in the healthcare industry.
Saudi Aramco, which supplies 10% of the world’s oil, suffered what CNN Tech described as the world’s worst hack in 2012. Although the total costs attributable to the ensuing chaos and salvage operation have not been estimated – indeed, the hack was not reported widely – it apparently destroyed 35,000 computers and sent the entire business into near-meltdown. It was only the bottomless oil wealth of the owners that staved off bankruptcy.
A recent survey of 257 benchmarked organizations conducted by the Ponemon Institute revealed that the average annual cost in damages from cyberattacks amounted to $7.6m.
Cyber insurance is a relatively new form of insurance and is trickier to model than cover for natural catastrophes.
However, if cyber-attacks are seen by Lloyds as potentially comparable with natural disasters when it comes to costs, it nevertheless believes that climactic problems pose the biggest long-term risk.
“From year to year, risk varies relatively little but climate change in the end will be far larger as a risk,” said Trevor Maynard, Lloyd’s head of innovation and co-author of the report with cybersecurity firm Cyence. “It affects the global economic structure, food, water. [It’s like] trying to turn a supertanker around – we can’t start in 30 years when things are going bad, we have to start now.”
