Lloyd’s, the London-based market for insurance and reinsurance, has published a systemic risk scenario that models the global economic impact of what the authors term a hypothetical but plausible cyber attack on a major financial services payments system. The resulting disruption to business could mean economic losses in the trillions, it’s estimated.
The three countries that would stand to see the highest five-year economic loss from the scenario are the United States ($1.1trn), followed by China ($470bn) and Japan ($200bn). The recovery time for individual countries or regions depends on the structure of their economy, exposure levels and resilience.
As Lloyd’s says, cyber insurance is a growing market, estimated at just over $9bn in Gross Written Premiums last year, and forecast to hit between $13bn and $25bn by 2025. This still represents a small portion of the potential economic losses that businesses and society face, Lloyd’s adds.
Bruce Carnegie-Brown, Lloyd’s Chairman, said that it was committed to building resilience around systemic risk and the risk scenario released highlighted the important role of insurance in supporting and protecting customers against the potential threat cyber poses to businesses and society. He said: “The global interconnectedness of cyber means it is too substantial a risk for one sector to face alone and therefore we must continue to share knowledge, expertise and innovative ideas across government, industry and the insurance market to ensure we build society’s resilience against the potential scale of this risk.”
Over a fifth of the world’s cyber premium being placed in the Lloyd’s market. In September, Lloyd’s Futureset held a first Cyber Innovation Forum, connecting customers with representatives from technology, government, and insuranc. Lloyd’s defines systemic risk as a low likelihood, high impact risk which affects either a systemically important global enterprise or multiple sectors, societies, or national economies. Among the other systemic risk scenarios modelled in the research are geopolitical conflict, and extreme weather events leading to food and water shock and economic stagnation.
For Lloyd’s, the Cambridge Centre for Risk Studies took nine systemic risk scenarios. Using global Gross Domestic Product (GDP) as its central measurement, Lloyd’s and the University of Cambridge model calculated the global economic loss of a global cyber-attack on a major financial services payment system as: $3.5trn as the global economic loss over a five-year period (the weighted average across the three severities we have modelled). Global economic loss ranges from £2.2trn in the lowest severity scenario up to $16trn in the most extreme.
Comment
Emma Whitmore Group Vice President, EMEA at Edgio said: “Lloyd’s warning of the cost that cyber attacks could have on a financial services payments system is a reminder that cyberattacks can happen at any time, often without warning. The potential global cost of $3.5 trillion in the event of such an attack demonstrates that no organisation is safe from the threat cybercriminals pose and adequate security solutions are an absolute necessity in today’s climate.
“Financial organisations need full 360-degree visibility into all traffic across their network to detect security exploits – and they need the right solutions in place to help them respond quickly. They must be aware of their current security posture – identifying attack vectors and employing security solutions to resolve any vulnerabilities or other risks to the business. This will include understanding security best practices and the latest standards and regulations related to their online business.
“With the increase in exploits, organisations must also ensure their security solution provides the ability to make critical decisions fast to prevent any downtime. With the correct approach to cybersecurity, brands can ensure their services run smoothly.”
