As discussed in prior posts, recent cyber events, such as the “Wanna Cry” ransomware attack, serve as important reminders to policyholders that cyber insurance should remain a priority for any business facing potential exposure from a cyber event. A recent report further underscores the potential impact of a major global cyber event, estimating that the resulting loss could exceed $53 billion worldwide, on par with the damage caused by catastrophic natural disasters such as hurricanes.
Earlier this week, Lloyd’s of London issued an emerging risk report, co-authored with risk-modeling firm Cyence, that examines several plausible cyber-risk scenarios to help insurers and policyholders understand cyber liability and risk exposures in an area that the report concludes is relatively underdeveloped compared with other classes of insurance.
The report is an insightful predictor for risk managers whose businesses may be exposed to cyber-attacks, providing detailed illustration of the potential scope and magnitude of a global cyber event, as well as illustrating the challenges posed by increased global cyber threats and how policyholders can attempt to both mitigate potential losses and develop appropriate cyber-attack response plans. Many industry trends, such as the volume of software developers, the prevalence of open-source software, continued reliance on outdated software, and the multi-layered approach to building software, contribute to the proliferation of global cyber vulnerability.
The report’s key findings include:
- Direct economic losses resulting from major cyber events, such as widespread cloud service disruption or “mass vulnerability” system failures, range from $4.6 billion for a “large event” to more than $53 billion for an “extreme event.”
- Cyber events continue to pose “catastrophic risk” to policyholders, as a single cyber event has the potential to increase industry loss ratios by 19% to 250% in large and extreme loss events, respectively.
- The scenarios highlighted in the report indicate significant “insurance gaps” in instances of extreme cyber losses—meaning that only a small portion of losses will be covered by existing cyber programs.
A copy of the report can be found here.