Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

Monday, 17 July 2017 14:02

BCI: Extreme cyber attack could cost as much as Superstorm Sandy

The Business Continuity Institute

A major global cyber attack has the potential to trigger $53 billion of economic losses, roughly the equivalent to a catastrophic natural disaster like 2012’s Superstorm Sandy, according to a scenario described in new research by Lloyd’s and Cyence.

Counting the cost: Cyber exposure decoded reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of $53 billion, and attacks on computer operating systems run by a large number of businesses around the world which could cause losses of $28.7 billion. By comparison, Superstorm Sandy, the second costliest tropical cyclone on record, is generally considered to have caused economic losses between $50 billion and $70 billion.

The study also revealed that, while demand for cyber insurance is increasing, the majority of these losses are not currently insured, leaving an insurance gap of tens of billions of dollars.

Inga Beale, CEO of Lloyd’s, said: “This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs. Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality.

For the cloud service disruption scenario, average economic losses range from US$4.6 billion from a large event to $53 billion for an extreme event. This is the average in the scenario, because of the uncertainty around aggregating cyber losses this figure could be as high as $121 billion or as low as $15 billion. Meanwhile, average insured losses range from US$620 million for a large loss to US$8.1 billion for an extreme loss.

In the mass software vulnerability scenario, the average losses range from US$9.7 billion for a large event to US$28.7 billion for an extreme event. And the average insured losses range from US$762 million to US$2.1 billion.

The uninsured gap could be as much as $45 billion for the cloud services scenario – meaning that less than a fifth (17%) of the economic losses are actually covered by insurance. The insurance gap could be as high as $26 billion for the mass vulnerability scenario – meaning that just 7% of economic losses are covered.