The global insurance giant Lloyds of London has published the results of a study in which it claims that a global cyberattack could cause economic losses equal to those caused by Hurricane Sandy. The sum of $53 billion is stated in the newly released report, which was written in cooperation with cyber-risk assessment firm Cyence.
According to the report, those are the kinds of economic losses that could be experienced if there was a coordinated global cyberattack affecting a cloud service provider, which in turn affected the computers of businesses around the world. The concern for insurers is that it is becoming increasingly hard to estimate the possible fallout from massive cyberattacks.
Citing a lack of historical data on the ever-increasing scale of global cyberattacks, the Chief Executive of Lloyd’s of London, Inga Beale, made the following comment:
“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event.”
Of particular concern are the recent WannaCry and Petya.A attacks, which revealed just how far and wide global cyberattacks can extend. For Lloyds of London, which is facing more requests for insurance against hacking than ever before, assessing those potential risks is vital.
According to the report by Cyence, the costs of a cyberattack on a cloud service provider could vastly eclipse the $8 billion of total losses caused by the WannaCry attack, which spread to 100 countries. Those losses are attributed to both computer repairs and the loss of revenue due to interruptions to business.
Hypothetical Attack Vector
According to the Lloyds/Cyence report, a hypothetical attack that could cause losses of $58 billion dollars is not beyond the realm of possibilities. In the report, the hypothetical cyberattack is caused by malware that is placed onto the penetrated cloud provider’s systems. That malicious code is then used a year later to trigger catastrophic system crashes for businesses.
The report suggests that, once unleashed, the malware could spread from the cloud provider to all manner of businesses and services ranging from financial institutions to retailers and hotels. In the report, the economic impact of this kind of attack is estimated to range from $4.6 billion to $53 billion for further-reaching events. The report even suggests that total costs could reach $121 billion in very extreme circumstances.
The hypothetical cyberattack might sound like something out of the TV show Mr. Robot, but the dangers are very real for insurers, especially nowadays, when more and more firms are seeking insurance against hacking. It’s not all bad for insurance companies, though – far from it – because they can use assessment reports (like today’s) to massively increase cyber-insurance premiums for businesses.
Rising Cyber-insurance Rates
At the moment, firms pay between $2 billion and $3.8 billion for insurance against cyberattacks. Unfortunately, however, Allianz SE – the biggest insurer in the world – says that those premiums are set to skyrocket by 2025.
A recent presentation made by the Insurance Information Institute claims that cyberattacks are now the third-largest risk to businesses around the globe. However, although premiums are set to rise, there is some good news.
Due to hacking incidents like WannaCry and Petya.A, more insurance companies have been entering the market. In the short term, this has actually lowered premiums. Those insurance companies have mainly been targeting smaller businesses who have only recently decided that they need coverage against cyberattacks.
In addition, it is said that there is a growing market for personal liability insurance for individuals who fear that they could be hacked. In fact, Hartmut Mai of Allianz SE admits that “cyber insurance is our key growth area at the moment,” with premiums expected to triple in the next three to four years alone.
Data Desperately Needed
The new Cyence report will be welcomed by the cyber-insurance industry, which has been struggling to assess the risk of cyberattacks, making it difficult to set insurance rates. Under some circumstances, this has left businesses unable to get full coverage.
Costis Toregas, associate director of the Cyber Security Policy and Research Institute at the George Washington University, has gone on the record to describe how rates are currently being set:
“Basically, it’s a crapshoot. It’s throwing darts at the wall to try to establish rates.”
In the US, this lack of data is being tackled by the federal government, which is helping to bring insurers and firms together to cooperate in sharing data about attacks.
The Cyence report raises hope that insurance firms might be able to start better offering comprehensive insurance coverage. However, it seems certain that the only way that it’s going to happen is with massively increased cyber-insurance premiums. With estimated cyber-insurance bills of as much as $20 billion per year by 2025, there needs to be an emphasis on prevention.
Prevention Is Key
With the number of cyberattacks growing year on year, and insurance rates predicted to go through the roof, the need for effective cybersecurity is desperate. Cyberattack prevention equates to fewer attacks, and fewer attacks means better insurance premiums.
The two things are inextricably linked. In order for insurance prices to remain cost effective, businesses around the world are going to need to implement successful cybersecurity.
Is Better Cybersecurity on the Way?
Thankfully, emerging technologies may hold the key to better protecting businesses against future cyberattacks. This week, news has emerged that connected military networks may have found a way to implement better cybersecurity using the blockchain.
The blockchain is an incorruptible peer-to-peer (P2P) public ledger system that is the backbone of Bitcoin (and other cryptocurrencies). That technology is already being repurposed into a number of other sectors.
According to the latest reports, Lockheed Martin recently announced that it was incorporating blockchain technology into networked weapons systems. It is early days yet, but this move from the military industrial complex demonstrates that there is forward movement in the area of cybersecurity.
Those innovations are eventually bound to trickle down into the financial and business sectors. In Israel (which is considered to be the most innovative place in terms of cybersecurity) there is a lot of work happening in the field of implementing blockchain technology. So, with luck, that trickle down process might occur relatively quickly.
Opinions are the writer’s own.
Title image credit: nito/Shutterstock.com
Image credits: supimol kumying/Shutterstock.com, stock_photo_world/Shutterstock.com