In a recent report from Lloyd's of London, they have said that a major global cyber-attack could trigger up to US$121bn (S$166bn) in economic losses, surpassing losses from a catastrophic natural disaster such as Hurricane Sandy.
Following a survey among companies in Sinapore which identified that 91 percent are only in their early stages of security preparedness, chief executive of Lloyds Asia-Pacific, Kent Chaplin, said the potential economic impact poses significant implications for businesses in Singapore.
“Technology has opened the door to a world of opportunity for businesses of all shapes and sizes, but it has also connected and exposed them to potential threats. This report shows the impact a single cyber attack can have as it ripples through the economy, resulting in potential economic losses similar to some of the world’s worst natural catastrophes.”
Hurricane Sandy, which hit the United States in 2012, is estimated to have resulted in approximately US$50bn in economic losses.
The report, which the insurance giant co-wrote with risk-modelling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber-attacks on computer operating systems run by businesses worldwide. The report said that average losses caused by the cloud service attack range from US$4.6bn to US$53bn, but the figure could be as high as US$121bn in an extreme scenario.
As much as US$45bn of that sum may not be covered by cyber policies due to companies underinsuring, it added. The failure of an operating system run by a large number of computers and businesses around the world could cause losses ranging from US$9.7bn to US$28.7bn, the report said.
Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance. One key challenge is the lack of historical data on which insurers can base their assumptions.
Lloyd’s of London chief executive Inga Beale told Reuters. “Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,”
Economic losses in the hypothetical cloud provider attack would dwarf the US$8bn global cost of the WannaCry attack in May, which hit more than 100 countries, according to Cyence.
In Singapore, about 500 Internet Protocol addresses were affected by the WannaCry ransomware, which is malicious software that takes over a computer and prevents users from accessing data until a ransom is paid.
“Recent malware attacks only highlight the urgency for companies to mitigate against cyber risks. Asia is particularly vulnerable, given its dynamic digital transformation … The (Singapore) Government’s proposed Cyber Security Bill reinforces the need for policymakers and businesses to work hand-in-hand to safeguard against this growing threat,” said Mr Chaplin.
Last month, an attack of a virus dubbed “NotPetya” spread from Ukraine to businesses around the globe, encrypting data on infected machines and rendering them inoperable at ports, law firms and factories. No critical information infrastructure in Singapore was hit, however some businesses suffered disruptions as employees made alternative work arrangements, such as logging off from company servers and working remotely, as a precaution. “NotPetya” resulted in US$850mn in economic losses globally, Cyence said.
In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers’ inserted malicious code into a cloud provider’s software designed to trigger system crashes among users a year later.
By then, the malware would have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses.