Lloyd’s warns of the high cost of global cyberattacks

The study considered two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of up to United States dollars 53 billion, and attacks on computer operating systems run by a large number of businesses around the world, with losses seen at USD 28.7 billion.

For the cloud service disruption scenario in the report, average economic losses range from $4.6 billion from a large event to $53 billion for an extreme event.

The warning comes just weeks after the global ransomware cyber-attack that affected businesses around the world and the NHS in the UK.

The research reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of up to $53 billion, and attacks on computer operating systems run by a large number of businesses around the world which could cause losses of $28.7 billion.

“Because cyber is virtual, it is such a hard task to understand how it will accumulate in a big event”, said Lloyd’s of London chief executive Inga Beale, speaking to Reuters.

If a single cyberattack were to reach Lloyds’ extreme scenario of $121.4 billion, that would not only surpass the damages caused by Hurricane Katrina, but it would also exceed the cost of the 2010 Deepwater Horizon spill in the Gulf of Mexico of $61.6 billion, according to BP’s 2016 estimates.

The report, carried out in collaboration with cyber risk modelling firm Cyence, suggests cloud services firms may not be covered for significant uninsured losses. A lack of historical data on which insurers can base assumptions is a key challenge. These costs mostly go on business interruptions and computer repairs.

WannaCry caused about $8bn in damages worldwide, with NotPetya leading to $850m in economic costs, according to Cyence.

The report’s hypothetical cloud service provider attack involves hackers injecting malicious code created to trigger system crashes among victim systems a year later.

The losses could come from a wide-ranging assault on their cloud service provider that causes failure for their own company, customers and suppliers, Lloyd’s warns today.

Lloyd’s CEO Inga Beale said the report had provided the scenarios to help insurers gain a better understanding.

Finally, around $45 billion of this amount may not be covered by cyber policies due to underinsuring of companies, the study finds.

In recent weeks, several massive waves of cyber attacks in the rançongiciel have hit multinational corporations, companies and services in western Europe, the United States, Ukraine or even in Russian Federation.