The potential costs stemming from extreme cyber risk events could rival those of major hurricanes such as Superstorm Sandy, with economic impacts ranging from $4.6 billion up to $53 billion, according to a joint report from Lloyd’s of London and cyber risk analytics firm Cyence.
Lloyd’s and Cyence took an in-depth look at two possible cyber-event scenarios: the first, a group of environmental hacktivists disrupt cloud service providers and their customers, causing widespread business and service interruption. The second scenario envisions the accidental loss of a physical copy of a report on a vulnerability in a widely-used operating system. This human error results in the spread of the information on the dark web and “an undetermined number of unidentified criminal parties” exploiting the zero-day vulnerability.
The average economic losses associated with the cloud disruption were estimated in the range of $4.6 billion for a large event and $53 billion for an “extreme” event, Lloyd’s and Cyence said, but added that the “uncertainty” surrounding cyber aggregation means that impact could be up to $121.4 billion – or as low as $15.6 billion. For the zero-day threat, the report estimated impacts between $9.7 billion to $28.7 billion.
In terms of insured losses, the research revealed a wide gap between insurance proceeds available for the potential events and the actual economic hit at stake. Between seven percent and 17 percent of possible economic losses are currently insured, based on the size of the cyber insurance market.
“Cyber-attacks have the potential to trigger billions of dollars of insured losses,” the two firms wrote. “For example, in the cloud services scenario insured losses range from $620 million for a large loss to $8.1 billion for an extreme loss. For the mass software vulnerability scenario, the insured losses range from US$762 million (large loss) to US$2.1 billion (extreme loss).”