A major global cyber-attack has the potential to trigger up to US$53 billion of economic losses – greater than some of Australia’s worst natural disasters combined.
The equivalent cost is more than five times the economic losses recorded for the devastating 2011 Queensland floods, one of the most damaging natural disasters recorded at an estimated cost of A$14.1 billion or US$10.7 billion.
The joint research undertaken by Lloyd’s and cybersecurity advisor Cyence examined the potential economic impact of two global scenarios:
- A malicious hack that takes down a cloud service provider with estimated losses of up to US$53 billion; and
- Attacks on computer operating systems run by a large number of businesses around the world, which could cause losses of US$28.7 billion.
The research acknowledged that economic losses could be much lower or higher than the average in the scenarios because of the uncertainty around cyber aggregation.
For example, while average losses in the cloud service disruption scenario are US$53 billion for an extreme event, they could be as high as US$121 billion or as low as US$15 billion, depending on factors such as the different organisations involved and how long the cloud service disruption lasts for.
The findings also revealed that, while the global demand for cyber insurance is on the rise, the majority of losses are not currently insured, leaving an insurance gap of tens of billions of dollars.
Cyber risk exposures
Asked about the implications for Australia, Lloyd’s general representative in Australia, Chris Mackinnon, said the implications were huge for local businesses of all sizes and across all sectors.
“Businesses today are interconnected by digital technology and services, meaning a single cyber event can cause a severe impact across an economy, triggering multiple claims and dramatically increasing insurers’ claims costs,” he said.
“This report gives us a real sense of the extent of damage a single, extreme cyber-attack could cause. An attack of that magnitude could create losses bigger than of some of Australia’s worst natural disasters combined.”
Putting that into perspective, the 2009 Black Saturday bushfires in Victoria cost an estimated A$7 billion; the 2011 Queensland floods cost A$14.1 billion and the 1989 Newcastle earthquake cost A$18.7 billion.
“Where a decade ago people would talk about preventing a cyber-attack, the reality today is that any business with proprietary information worth protecting is vulnerable to attack. The issue is how you mitigate against that risk,” Mackinnon said.
“These scenarios are designed to help both businesses and insurers gain a better understanding of their cyber risk exposures and better manage these complex and rising risks.”
Since its inception in 2014, there have been over 114,000 reports of cybercrime registered with the Australian Cybercrime Online Reporting Network (ACORN). Notably, 23,700 of these have been reported over the last six months, highlighting a growing occurrence of cyber-criminal activity.