A recent report from insurer Lloyd's warned that a major global cyber attack could trigger $53 billion in economic losses, roughly equivalent to the economic damage from 2012's Superstorm Sandy.
The report examines two potential scenarios: a disruptive attack on a cloud services provider that could cause losses of $53 billion, and an attack on computer operating systems used worldwide, which could cause losses of $28.7 billion.
Still, those numbers are average losses for an extreme event.
The cloud service disruption could cause losses as high as $121.4 billion or as low as $15.6 billion, according to Lloyd's, depending on the duration of the disruption and the organizations involved -- while the average insured losses range from $620 million for a large loss to $8.1 billion for an extreme loss.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Similarly, a global attack on operating systems could cause losses between $9.7 billion and $28.7 billion -- with the average insured losses ranging from $762 million to $2.1 billion.
Understanding Cyber Risk Exposure
Lloyd's CEO Inga Beale said in a statement that the report is intended to provide a clear sense of the scale of damage a cyber attack could cause the global economy. "Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economie, trigger multiple claims and dramatically increase insurers' claims costs," she said.
"Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality," Beale added. "We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence."
Last fall, NetDiligence's sixth annual Cyber Claims Study found that the average total breach cost in 2016 was $665,000, with an average insurance payout for crisis services (forensics, notification, credit/ID monitoring and legal counsel) of $357,000. For large companies, the average claim was just under $6 million.
According to Lloyd's, the current cyber insurance market is worth between $3 billion and $3.5 billion -- and it could reach $7.5 billion by 2020.
Over $850,000 in Losses Every Minute
A recent RiskIQ study found that with cybercrime costing the global economy $454 billion last year, up to $858,153 is lost to cybercriminals every minute. And while businesses spend up to $142,694 per minute to protect themselves, 1,080 people still fall victim every 60 seconds.
"Today, an organization's digital assets are subject to malware, malvertising, and phishing efforts on a scale never before seen, while rogue apps, domain and brand infringement, and social impersonation cause business disruption and material loss," RiskIQ manager of content strategy Mike Browning wrote in a blog post examing the findings.
Every 60 seconds, the study found, 818 pieces of unique malware are deployed, along with 1,214 ransomware attacks and more than 100,000 phishing emails.
"As companies innovate Web, social, and mobile means to engage with their customers, partners and employees, threat actors will prey on business exposures and brands to capture users' trust, access credentials, and sensitive data," RiskIQ chief marketing officer Scott Gordon said in a statement. "This requires organizations to extend their security programs to monitor and mitigate threats outside the firewall."