Lloyd's report reveals cloud cyber risk gap

Nearly half the economic risks faced by 301 cities around the world were linked to manmade threats including market crashes cyber attacks power outages and nuclear accidents

"But actual losses could be as high as $121 billion", the report reads.

A major worldwide cyber attack could cause an average of $53 billion (£40 billion) of economic damage, according to new research from Lloyd's of London.

Lloyd's chief executive Inga Beale said the report gave a "real sense of the scale of damage a cyber-attack could cause the global economy".

In this first scenario, average economic losses ranging between $ 4.6 billion for an important event and $ 53 billion for a major event.

The report, which was co-written by risk analysis firm Cyence, found that the NotPetya ransomware, which spread from Ukraine to businesses around the world, caused $850 million worth of damage to the world economy.

The report's authors said businesses need to be aware of the "slow burn" costs of a cyber security incident, which can "dramatically increase" the final bill over time.

Under this scenario, attackers push malicious code into a cloud provider's software that is created to cause system crashes in operating systems used by businesses around the world in a year's time.

Lloyds said underwriters should ensure their premium calculations keep pace with the reality of such costly threats.

By understanding cyber-risk exposure, insurers can improve their portfolio exposure management, set appropriate limits and gain the confidence to expand into this fast-growing insurance class.

The uninsured gap could be as much as $45 billion for the cloud services scenario - meaning that less than a fifth (17%) of the economic losses are actually covered by insurance.

In the vulnerability example, the average costs range from $9.7 billion for a large event to $28.7 billion for an extreme one.

In another scenario, exploiting a chink in a company's software could lead to $26 billion of losses not covered by insurance, Lloyd's believes.

The WannaCry ransomware attack in May 2017 and Petya a month later have raised fears about future global cyber attacks and their potential economic impact, particularly on financial services firms, followed by software and technology, hospitality, retail and healthcare.

Talking of the challenges cyber-risk modeling presents, Cyence said: "The world's companies are increasingly realising that cybersecurity is not just a technical problem but a business risk".

The findings come after Lloyd's warned at the end of June of the shocking fallout of a cyber attack on businesses.

Related News: