In the last 12 months, we’ve had Wannacry, Russian election hacking, and a Gmail scam that hit millions. But we haven’t yet had a Hurricane Katrina-style cyberattack hit anywhere in the world. It’s just a matter of time until that happens, researchers reckon, and the effects could be devastating — and expensive.
A report from Lloyds of London, an international insurance company, guesstimates the cost of a global cyberattack at around $53 billion. That puts it up there with the kind of loss that’s normally reserved for a major natural disaster.
In the hypothetical scenario dreamed up by Lloyds, a major cloud services provider is hacked, and malicious code spread to its customers. The code hides out for a year to maximise the number of systems it can spread to, before activating all at once.
There’s a spread of damages that Lloyds forsees. The best-case scenario for such a hack, if every company has robust backups and an intelligent security team, would see $4.6 billion in damages, resulting from lost work time and stolen company data.
The worst-case scenario has damages pegged at $121 billion. By comparison, Hurricane Sandy is estimated to have cost $75 billion in total damages.
The report was commissioned by Lloyds as an exercise to try and work out the company’s potential exposure to cyberattack. Insurance against cyberattacks is increasingly common for businesses, as maintaining security against ransomware and industrial espionage is expensive and far from foolproof.