A disturbing report by Lloyd's of London* has highlighted that several industry sectors are vulnerable to a coordinated and vicious cyber-attack that causes catastrophic financial losses running into the billions.
The ‘Bashe attack: Global infection by contagious malware’ report of 2019 highlights that while the world enjoys some great benefits from being so connected, the downside is that we’re all at risk of a ransomware attack - the likes of which we have never seen before.
The report analyses several levels at which losses could occur following such a cyber-attack. The levels, of which there are three, range in severity with S1 being the least and X1 being the most severe.
According to the report, losses from an attack propagated by malicious email may range globally from $85 billion (£65.03 billion) in the least severe scenario variant, S1, to $193 billion (£147.66 billion) in the most severe scenario variant, X1.
Cyber-attacks, as we know them, are typically targeted at one company (big or small), but we have yet to see a coordinated, global attack that would infect hundreds of thousands of companies with ransomware, resulting in catastrophic losses.
For those of you who are not in the know, ransomware consists of malware that threatens to destroy or block access to files unless a ransom is paid. There’s a danger of malware entering company networks through malicious email which, once opened, encrypts all the data on every device connected to the network. It only takes one employee to open an infected email for the entire system to be attacked.
The email, in turn, is automatically forwarded to all contacts in order to infect a greater number of devices and inflict even more damage. The report says that companies of all sizes and all sectors are forced to pay ransom to decrypt the data or replace the infected computers.
It may sound outlandish but, according to this report, it is entirely possible that this could happen. And if it did, many sectors and industries would be ill-prepared for such a catastrophic event.
Industries that are likely to be affected would be retail with at least a $15 billion (£11.48 billion) global loss in an S1 scenario, healthcare with $10 billion (£7.65 billion) in losses and manufacturing with $9 billion (£6.89 billion) in losses.
In an X1 scenario, the retail and healthcare sectors would be the worst affected with $25 billion (£19.13 billion) in losses each, and manufacturing would come not far behind with $24 billion (£18.36 billion) in global losses.
No doubt that in all these scenarios, companies will not only be suffering financial losses but reputational ones too as customers become wary about who to trust with their data.
The report further breaks down the losses suffered by region. While many will be hit globally, the region with the highest economic loss would be the United States, followed by Europe, Asia and the rest of the world.
America would suffer losses ranging from $46-89 billion (£35.19-68.09 billion), while Europe would lose between $30-$76 billion (£22.95-58.14 billion) and Asia would suffer losses ranging from $6-$19 billion (£4.59-14.54 billion).
Insurers would also stand to lose billions in the process according to the report. Insurance claims would be made for business interruption, contingent business interruption, cyber extortion, incident response costs and personal cyber along with liability.
Insurers would need to pay out between $10 billion (£7.65 billion) in an S1 scenario and $27 billion (£20.66 billion) in an X1 case.
So, what should you do to make sure your business is not part of an international onslaught? It would be very difficult to counter an attack of this magnitude, but one thing the report does point out is that a lot of companies are underinsured for such an event.
It says that insurance losses would only range between nine and 14% of the total economic loss which highlights that there are high levels of underinsurance in the event of such a cyber onslaught.
Awareness of this type of attack also needs to be raised. Everyone must be clued up on security protocol because there are few businesses on this earth that are not connected in some shape or form and therefore vulnerable to such a malicious hack.
A cyber defence strategy, says the report, is also vital and companies need to think about building an effective response to contagious malware and this needs to form a key part of their business operations.
Of course, we’re all hoping that this type of coordinated attack never happens but unfortunately we do live in a world where this type of catastrophe is possible. The only thing businesses can do is put the right kinds of protection, security and training in place to ensure that they are not targeted and to prevent this type of attack from spreading.
*The report was also produced by the Cyber Risk Management (CyRIM) project led by Nanyang Technological University in collaboration with industry partners and academic experts including the Cambridge Centre for Risk Studies. CyRIM founding members include Aon Centre for Innovation and Analytics, Lloyd's – the specialist insurance and reinsurance market, MSIG, SCOR and TransRe.