Lloyd’s of London, a renowned insurance marketplace, has released a 56-page report detailing possible outcomes of an extreme cyber attack. Lloyd’s sought to give guidance to insurance underwriters with “realistic and plausible scenarios” to accurately predict damages.
Two Simulations Predict Devastating Effects
The report highlighted two cyber-attack scenarios with varying degrees of severity. The first scenario imagined a hack and takedown of a cloud service provider. Lloyd’s predicted that losses for this type of disruption would likely range from $4.6 billion to $53 billion.
Though those totals are cause for alarm, the report admits that losses could go as high as $121 billion depending on the length of time the cloud service was down. For scale, the costliest natural disasters were Hurricane Katrina at $125 billion and the 2011 Japanese earthquake and tsunami at $250 billion.
That a cyber attack could rank with such devastating events may not surprise everyone. After all, most companies rely extensively upon dependable access to data. The prediction is sobering nonetheless.
Mass Vulnerability Scenario Slightly Less Costly
A scenario based on the WannaCry ransomware attacks found that damages from another such event could range from $9.7 billion to $28.7 billion. The WannaCry attack itself likely cost around $4 billion.
However, that malware spread itself through out-of-date Windows operating systems. If hackers could find a security hole in a current operating system, the damage could be exponentially worse.
No Company is Immune
While cyber attacks hit small businesses particularly hard, large companies also feel the pain. FedEx admitted in its annual report that “customers are still experiencing widespread service and invoicing delays” from the Petya/NotPetya ransomware attack.
The shipping giant listed various costs and losses of revenue because of the malware infection. FedEx did not have cyber-attack insurance, and their stock dipped after the release of the annual report.
Lloyd’s estimates that the global cyber-attack insurance market is worth between $3 billion and $3.5 billion. The growing severity and breadth of attacks may finally convince companies to invest in this hedge against cyber threats.
Much of the advice to prevent cyber attacks remains the same in the wake of this report. Businesses should still update software, back up data, and invest in antivirus software. Investing in cyber-attack insurance now appears to be a prudent addition to that list.
