A new report from Lloyd’s of London has found that a cyber attack on a global scale could result in losses of £40.48 billion, a figure that has grown in line with the increasing formidability and profile of cyber threats.
Due to the difficulty of calculating the true financial cost of a cyber attack, Lloyd’s of London gave broad margins to the estimate, with potential losses set at between $15 billion and $121 billion. The report was co-written by risk-modelling firm Cyence.
To put the top end of this scale into perspective, natural disasters such as Hurricane Katrina and U.S. Superstorm Sandy incurred losses that surpassed $100 billion.
A figure of $53 billion (£40.48 billion) is the midpoint given by the insurer, representing an attack on a large enough scale to halt a cloud service provider.
The hypothetical scenario used in the report involves malicious code being inserted into the software of a cloud provider that would come into effect a year later, triggering crashes. In the meantime, the malware would have spread among customers and service providers alike, resulting in vast losses.
Cyber attacks on a global scale are beginning to be recognised in the mainstream, with instances such as the WannaCry ransomware attack causing worldwide chaos that grabbed headlines. Major, critical organisations such as the National Health Service and Telefonica were rendered inoperable.
Examples such as this could explain the reason cyber attacks are being viewed so seriously by Lloyd’s of London.
Fears are also growing surrounding the potential for successful cyber attacks on critical infrastructure; an example of this is the SCADA attack on the Ukrainian power grid that resulted in a mass outage.
More recent news pertaining to global cyber attacks on infrastructure includes a report from the FBI and Homeland Security in the US that revealed attacks on nuclear power plants.
In instances such as this, not only could potentially massive economic losses be incurred, but there is also a question of whether human life could be endangered. A new form of malware called Industroyer, geared specifically toward attacking infrastructure, has also been recognised globally.
This article is from the CBROnline archive: some formatting and images may not be present.