The Strategist

Lloyd's of London: A global cyber attack can cost twice as much as Hurricane Sandy

07/18/2017 - 09:50

Insurance market experts of Lloyd`s of London believe that a global cyber attack can provoke economic losses roughly equal to $ 53 billion. However, this figure may be significantly higher under certain conditions and double the amount of economic damage, for example, from Hurricane Sandy.

The world's oldest insurance market, Lloyd`s of London, published a report in which the company's specialists tried to forecast a scale of economic losses from a possible global cyber attack. The paper’s authors relied upon a hypothetical hacking of a cloud storage provider and cyber attacks on computer operating systems used by business structures around the world. The first scenario is more likely and could cost the world economy $ 53 billion. This is an average figure, since the real scale of the consequences of such hacking is very difficult to predict, the report says. Therefore, the world economy may lose up to $ 120 billion with the worst development of events, and a lesser outcome will cost $ 15 billion.

The second most likely scenario is an attack at computer networks used by companies around the world. The scale of losses from such a cyber attack is much more modest - $ 28.7 billion. However, most of this amount is not subject to insurance.

"This report gives an idea of the real scale of damage that a global cyber attack can cause to the global economy. Like the most terrible natural disasters, cyber attacks can cause significant harm to business and economies of countries around the world, provoke numerous appeals to insurance companies and significantly increase costs of the latter ", commented Lloyd's general director Inga Beale.

For comparison, the damage from Hurricane Sandy in 2012 amounted about $ 70 billion, and Hurricane Katrina resulted in $ 108 billion lost in 2005.

In late June and early July, malware Petya and GoldenEye attacked many large companies around the world. The abusers didn’t earn big sums from the hacking – only four bitcoins, or about $ 10 thousand, were received as "ransom" in two days. 

Western experts do not rule out that the attack was just a cover for more serious attacks that may occur in the future. French computer security specialist Matt Suiche believes that Petya was not really a ransomware, but a viper, that is, a malicious program that collects data from victims to destroy them and impede their work in the longer term. He analyzed work of infected computers and concluded that the virus simply erased the data, for which it demanded ransom. If a victim agreed to pay the money, it turned out the contacts indicated by the attackers were invalid. The researcher concludes that the virus’ creators wanted to organize a mass sabotage and block operation of vital systems of a number of attacked states, be it a system of medical institutions, industrial enterprises or transport companies.

Research company Talos notes that GoldenEye, a ransomware similar to the Petya virus, can be described as follows: "The program is a blackmailer who did not even intend to give away the blocked data." Experts believe that by gaining the opportunity to carry out such massive attacks around the world and collect data from victims, attackers have tried, or may try, to use this technology to block work of affected companies or enterprises. "I would not be surprised if they try to stop operations at the attacked objects," said Amanda Rousseau, a malware researcher at US company Endgame.