Insurance giant Lloyd’s of London has published an emerging risks report on cyber-attacks. The report comes in the wake of several high-profile and wide-reaching malware incidents, including the WannaCry and NotPetya ransomware attacks.
The Lloyd’s report simulated two scenarios—a takedown of a cloud service provider and an attack on operating systems used by a large number of businesses. Given the wide range of outcomes, Lloyd’s estimated that losses could range from $15 billion to $121 billion for an extreme event.
“This report gives a real sense of the scale of damage a cyber-attack could cause the global economy,” Lloyd’s CEO Inga Beale said. “Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.”
Cyber-Attack Damages Could Rival Natural Disasters
Measuring the full cost of cyber-attacks and natural disasters is difficult. However, estimates put the damage caused by Hurricane Katrina at around $128 billion and Hurricane Sandy at $62 billion. Lloyd’s estimates of an extreme cyber attack would rank with either one of those unforgettable disasters.
The Lloyd’s report came out the same day that FedEx admitted that the Petya/NotPetya attack may have permanently damaged the shipping company’s systems.
In the company’s 10-K filing with the SEC, the company said, “We cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus.”
Fed-Ex’s annual report also admits that “customers are still experiencing widespread service delays” and the company has “experienced loss of revenue” because of the attack.
Fed-Ex did not have any kind of cyber insurance and will have to bear the brunt of its losses entirely on its own. The annual report listed over a dozen different costs that the company incurred as a result of the malware.
Lloyd’s Urges Businesses to Consider Cyber Insurance
Lloyd’s released their report in part to encourage companies to invest in cyber insurance. While FedEx’s stock took a small hit after the company released its annual report, smaller businesses may not survive a ransomware infection.
IT websites frequently advise businesses to invest in antivirus software and back up important files, but they rarely suggest buying cyber insurance. The Lloyd’s report and FedEx’s annual report offer compelling evidence that the situation has evolved. Businesses that want to survive a cyber attack should seriously consider investing in cyber insurance as well as taking standard precautions against malware.