Global cyber attacks pose a huge risk to businesses and governments, resulting in average economic losses of between $4.6bn and $53bn, according to a 56-page report by Lloyd’s of London.
It calculated the economic impact of such an attack in collaboration with risk-modelling firm Cyence based on the hypothetical hacking of a cloud service provider.
Under this scenario, attackers push malicious code into a cloud provider’s software that is designed to cause system crashes in operating systems used by businesses around the world in a year’s time.
By that time, the malware would have spread among the cloud provider’s customers, causing all to lose income and incur other expenses, pushing actual losses as high as $121bn, the report said.
In comparison, the official cost of Hurricane Katrina in 2005 was $108bn, although unofficial estimates put the cost as high as $250bn. The official cost of Hurricane Sandy in 2012 was $50bn.
The WannaCry ransomware attack in May 2017 and Petya a month later have raised fears about future global cyber attacks and their potential economic impact, particularly on financial services firms, followed by software and technology, hospitality, retail and healthcare.
In response to the impact of WannaCry on NHS trusts and the Caldicott review of data security in the healthcare sector, the UK government has announced that it will boost investment in NHS data and cyber security above the £50m identified in the Spending Review to address key structural weaknesses, such as unsupported systems.
An initial £21m of capital funding will be targeted at strengthening the cyber resilience of major trauma sites as an immediate priority, and improving NHS Digital’s national monitoring and response capabilities.
Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, triggering multiple claims and dramatically increasing insurers’ claims costs, said Beale.