The research reveals the potential economic impact of two scenarios: a malicious hack that takes down a cloud service provider with estimated losses of up to $53 billion, and attacks on computer operating systems run by a large number of businesses around the world which could cause losses of $28.7 billion. The study, conducted together with Cyence, also found that while demand for cyber insurance is increasing, most of these losses (17%) are not now insured, leaving an insurance gap of tens of billions of dollars. And, in the most extreme cases, losses could rise to as much as $121bn.
Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, triggering multiple claims and dramatically increasing insurers' claims costs, said Beale. The WEF has called for building resilience as these risks become increasingly tangible.
A major, global cyber-attack could trigger an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as U.S. Superstorm Sandy in 2012, Lloyd's of London said in a report on Monday. This is the average in the scenario, because of the uncertainty around aggregating cyber losses. For instance, the business impact on a leading cloud platform lasts for 24 hours and causes cascaded impacts on other businesses dependent upon its services.
The outcome - though there is largely a general lack of information on exactly how vulnerable insurers are - could be disastrous, easily dwarfing the US$8 billion total global cost companies all over the world incurred as a result of the recent WannaCry ransomware attacks.
Average losses for a test that involved the hacking of operating systems were between £7.4 billion and £21 billion, according to the underwriter's report.
The uninsured gap could be as much as $45 billion for the cloud services scenario-meaning that less than a fifth (17 per cent) of the economic losses is actually covered by insurance. The underinsurance gap could be as high as United States dollars 26 billion for the mass vulnerability scenario - meaning that just 7 percent of economic losses are covered. "To achieve this, data collection and quality is important, especially as cyberrisks are constantly changing", said Trevor Maynard, Head of Innovation, Lloyd's.