Global Cyber Attack: The New Natural Disaster
How devastating is a wide-ranging, global cyber attack? Just as bad, if not worse, than a natural disaster that could shut power and utilities to millions of people for weeks at a time.
That’s according to Lloyd’s of London, the UK-based insurance company, in a new report analyzing a hypothetical scenario of what the economic impact would be if a cloud server was hacked.
The report compares a “major cyber attack” on a cloud server and its ensuing interruption, with an estimated $53 billion in losses, to Superstorm Sandy, a hurricane that devastated the northeast United States in October 2012. The Lloyd’s report said Sandy’s economic impact reached somewhere between $50 and $70 billion.
That $53 billion would be accumulated in just 2-3 days, the report noted.
For context, Superstorm Sandy resulted in the deaths of 117 people between Oct. 28 and Nov. 30, 2012 in the U.S., included tropical storm force winds to an area of more than 1,000 miles in diameter, and had some kind of storm effect on 24 states.
“Insurers should think about cyber risks in the same way they think about natural catastrophes,” said Trevor Maynard, Head of Innovation at Lloyd’s of London in a promotional video about the report.
The report was created in conjunction with Cyence, a cyber risk modeling firm, which estimated May’s ransomware attack named “WannaCry” at a $4 billion global economic impact. While that ransomware triggered data lockdowns across 150 countries, it was effectively killed within 24 hours of its launch. WannaCry targeted Windows operating systems by exploiting a vulnerability for which a patch was released months in advance. Users who did not update their systems were susceptible to the breach.
“To date, no computer has been created that could not be hacked – a sobering fact given our radical dependence on these machines for everything from our nation’s power grid to air traffic control to financial services,” said Marc Goodman, advisor to Cyence in a statement. “Economic losses are growing exponentially and all companies need a strategy to mitigate cyber risk in today’s world.”
Since the business world is now evolving through digital transformation, cybersecurity has become more important than ever, as enterprise endpoints increase in volume and become threat vectors for anyone looking to crack a business’s information. Cybersecurity is the new information security. Since the world went online 20 years ago, information moved from the filing cabinet to the computer’s motherboard, and recently migrated to the cloud. Securing all the data associated with a single enterprise, no matter the size, is an enormous task, especially considering industry-specific compliance and regulation standards.
“[Businesses] really do need to have a good understanding of the digital landscape in which you operate and the degree of digital risk to your operation or organization,” said Nigel Inkster, Director, International Institute for Strategic Studies in the video. “This is not optional, it is not incidental, it is now central to everything you do. If you get this wrong, then your entire business goes wrong.”
The purpose of the Lloyd’s report is to trigger enterprises into considering their individual cyber security policies, citing $45 billion of the projected $53 billion wouldn’t be covered by cyber policies due to underinsuring.