A catastrophic cyber attack could generate up $121 billion of economic losses, according to a report by cyber insurance company Lloyd's of London, cited by Reuters.
The worst-case scenario includes hacking of a cloud service provider and cyberattacks on computer operating systems run by businesses worldwide. In the hypothetical cloud service attack, hackers insert into a cloud provider’s software malicious code designed to trigger system crashes among users a year later. By then, the researchers say, the malware would have spread among the provider's customers, from financial services companies to hotels, causing all to lose income and incur other expenses.
Average economic losses caused by such a disruption could range from $4.6 billion to $53 billion for large to extreme events, on par with a catastrophic natural disaster such as U.S. Superstorm Sandy in 2012. But actual losses could be as high as $121 billion, the report said.
Some $45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said.
Average losses for a scenario involving a hacking of operating systems ranged from $9.7 billion to $28.7 billion.
A previous study by Bitdefender revealed that companies in the US would pay an average of $124,000 to avoid public shaming scandals after a breach. Some 14 percent would pay more than $500,000. Companies based in the UK would pay an average of £82k to avoid public shaming scandals after a breach, while 5 percent would pay more than £500k. German CISOs would spend €80,000 on average.
Bitdefender’s survey shows 34 percent of companies were breached in the past 12 months, while 74 percent of IT decision makers don’t know how the company was breached. CISOs say only 64 percent of cyberattacks can be stopped, detected or prevented with the current resources.
The number of data breaches rose 39 percent in the first quarter of 2017 from the same period in 2016, according to global risk underwriter Beazley’s Breach Response Service. In the first quarter of 2017, the company handled 641 breaches, compared with 462 in 2016.