What could a global cyberattack cost? The sky is the limit

17 Jul 2017

Cyberattack costs will continue to soar. Image: YIUCHEUNG/Shutterstock

Lloyd’s of London is predicting a costly future in tech.

Global cyberattacks could see economic losses in the tens of billions of dollars, according to Lloyd’s of London.

Admittedly, this is coming from a company that provides insurance for such grim possibilities, but it would appear that the growing threat, and reality, of cyberattacks is only heading one way.

Lloyd’s and Cyence – a risk-modelling firm – have warned of such significant losses in a new report.

Those losses could reach $121bn in what the duo see as the worst-case scenario. Through looking at various cyberattacks, however, they settled on an average cost of around $53bn, should a truly global attack succeed.

Big money

To give those figures some context, WannaCry was estimated to cost the global economy something in the region of $8bn. Petya, which followed soon after, came in at around one-tenth of that figure.

Running a series of risk scenarios, Lloyd’s and Cyence found that a global cloud service disruption scenario could cost anything from $4.6bn to $53.1bn. In the event of a mass software vulnerability, those figures range from $9.7bn to $28.7bn.

However, time is a real problem in these scenarios, with the high end not protected by a cast-iron roof.

For example, losses in cloud service disruption could be as high as $121.4bn, “depending on factors such as the different organisations involved and how long the cloud service disruption lasts for”, said the report.

Birth of cyber risk

The rise of cyber threats is a challenge for everybody, insurers included. This is because traditional insurance risk modelling doesn’t quite work anymore.

In the past, authoritative, empirical data was used to look forward, essentially relying on past incidents. Cyber risk, though, is essentially new.

“While digitisation is revolutionising business models and transforming daily lives, it is also making the global economy more vulnerable to cyberattacks,” read the report.

“The cyber threat is increasing and is expected to continue to do so as the world economy continues to digitise operations, supply chains and businesses transactions, as well as employee and customer services.”

Beyond the plight of the insurer, though, a growing number of reports are highlighting ways for businesses to navigate a route through the minefield of cyber risk.

What should businesses do?

BT and KPMG last week warned organisations all over the world to be wary of a series of crucial traps that could expose them to further attacks.

The duo highlighted areas such as ‘denial’, ‘worry’, ‘false confidence’ and ‘hard lessons’ as fields that require added focus.

While they stressed that investment in technology such as firewalls and antivirus protection is essential ‘good housekeeping’ practice initially, a broad look at defence and attack is also needed.

Mark Hughes, CEO of BT security, said: “The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world.

“Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right.”

Evidence of how important this is came as recently as last week, when a simple case of human error led to a major breach at US telecoms giant Verizon, with around 6m customers’ data exposed – though the company got lucky on this occasion, as ransomware wasn’t involved.

Gordon Hunt was a journalist with Silicon Republic