Global cyber attack losses could reach $53bn – Lloyd's

A major global cyber attack could trigger an average of $53bn in economic losses, on the same scale as a catastrophic natural disaster like Superstorm Sandy that hit New York in 2012, according to a Lloyd’s report.

The report, “Counting the cost: Cyber exposure decoded”, reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of $53bn, and attacks on computer operating systems run by a large number of businesses around the world which could cause aggregate losses of $28.7bn.

Superstorm Sandy, which was the second costliest tropical cyclone disaster on record, racked up losses estimated at up to $70bn.

The report was conducted in collaboration with cyber risk modelling firm Cyence. The findings also reveal that, while demand for cyber insurance is increasing, the majority of these losses are not currently insured, leaving an insurance gap of tens of billions of dollars.

The uninsured gap could be as much as $45bn for the cloud services scenario – meaning that less than a fifth (17%) of the economic losses are actually covered by insurance. The insurance gap could be as high as $26bn for the mass vulnerability scenario – meaning that just 7% of economic losses are covered.

Inga Beale, CEO of Lloyd’s, said the report gives a real sense of the scale of damage a cyber-attack could cause the global economy.

“Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs,” Beale said.

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality.”

Keith Xia, head of risk management at Intercontinental Hotel Group told StrategicRISK Asia-Pacific: “That £52bn is quite scaring number but I would not be surprised if a cyber attack exceeds the losses from a catastrophic disaster, given the scale of the data that companies collect and the dependence on that data for a lot of businesses.

“As I have seen in the local market, lots of risk managers now seriously consider the threat of cyber risk and look towards cyber insurance,” said Xia.

Paul Looker, CEO of Cybassurance, said risk managers face some pressing questions: Are we mitigating the right cyber risks? Are we doing enough? Should we buy cyber at all, or increase our current cyber liability coverage?

“An angle I’m interested in is the impact [of a cyber attack] on everyday people and to what extent the cost of addressing mental health issues or absences from work are taken into account,” said Looker.

“For example, if a significant privacy breach of huge magnitude divulges individuals’ most private browsing history, you could well imagine significant spikes in suicide and absences from work. It could be a potentially huge impost on the health system,” he said.