Major cyberattacks of the future as costly as natural disasters – report
LLOYD’S OF LONDON has said a major cyberattack spanning the globe could cause governments, corporations and individuals to lose as much as US$53 billion on average, putting it on par with natural disasters such as 2012’s Superstorm Sandy.
The insurance market players co-wrote a report with risk-modelling company Cyence that put together a hypothetical situation in which cloud service companies and businesses’ computer operating systems become victims of a major cyberattack.
Lloyds of London CEO says too little info on cyber attacks to accurately price cover @cognosec #cybersecurity https://t.co/cuVS5GRVjS
— John Stoddart (@johnhighfields) November 28, 2016
The hypothetical model examines the fallout of a hacking operation whereby hackers slip malicious code into a cloud service provider’s software. The code would have a built-in delay so they could slip under the defenses and purview of cybersecurity software before being triggered, flooding the providers’ clients.
According to the report, the average cost of such an attack could range anywhere from US$4.6 billion to US$53 billion, depending on the size of the event. However, the high-end of things could push that number up to as high as US$121 billion, which could lead to companies being unable to claim losses from insurers due to a lack of coverage.
SEE ALSO: Real winners of the WannaCry ransomware attack? Insurance companies
As much as US$45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said, according to Reuters.
The outcome – though there is largely a general lack of information on exactly how vulnerable insurers are – could be disastrous, easily dwarfing the US$8 billion total global cost companies all over the world incurred as a result of the recent WannaCry ransomware attacks.
“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London chief executive Inga Beale told Reuters.
Insurers are notably struggling to understand where in their networks the biggest vulnerabilities are, especially as the pace of cybercrime picks up worldwide in tandem with rising demand for comprehensive cyber insurance. Reuters notes most companies lack information frameworks they can rely on to assess their clients’ risk profiles and make base assumptions, a significant problem for an industry which thrives on data.
SEE ALSO: ‘NotPetya’ more sinister than thought, investigators say as Ukraine scrambles to contain threat
The hypothetical estimations might not be enough for companies who could stand to risk much of their profits if they don’t find a way around their lack of historical information.
Cybersecurity has made headlines over the last three months since two major attacks were made – the WannaCry ransomware crippled more than 200,000 computers in 100 countries while the NotPetya virus, from Ukraine, spread a malicious piece of malware that rendered various factories, law firms and ports inoperable. NotPetya was significantly less costly – globally, it cost organizations US$850 million.
READ MORE
- Analog Devices reaffirms its position in Singapore’s semiconductor market with a new facility
- The US is preparing an executive order to restrict investments in China, but Elon Musk isn’t worried about it
- SEMI: The five Ws and one H to a supply chain initiative for the semiconductor industry.
- Dark Pink: The cyber tune you never wanted to hear
- Untie Nots set to transform loyalty for Singapore’s largest supermarket chain