Widespread data loss from a leading operating system provider could cost US businesses nearly $24bn in insured losses, according to new projections calculated by Guy Carpenter and CyberCube Analytics.
The risk management firm and cyber analytics platform provider joined forces to work out the impact of 23 cyber “catastrophe” incidents on US insurers.
The resulting report, Looking Beyond the Clouds: A US Cyber Insurance Industry Catastrophe Loss Study, reveals just how reliant modern organizations are on technology systems.
Most (94%) of the predicted $23.8bn losses stemming from that catastrophic incident at an OS provider were ascribed to business interruption, caused when supply chains and factories fail.
Business interruption also accounted for the vast majority (92%) of losses stemming from another catastrophic scenario: a long-lasting outage at a leading cloud service provider, predicted to cost $14.3bn in insured losses.
Of the five most costly potential scenarios, the remaining three were: large-scale ransomware infection at a leading cloud service provider ($11.5bn), widespread theft from a major email service provider ($19.1bn) and large-scale data loss from a cloud services firm ($22.2bn).
The report also revealed that financial firms are most likely to be impacted in these events, accounting for over 20% of overall insured loss.
“As the cyber-market continues to expand, the (re)insurance industry must develop a much more granular understanding of the potential impact of systemic events,” argued Robert Bentley, CEO of Global Strategic Advisory at Guy Carpenter.
“More work similar to that which we have carried out with CyberCube Analytics needs to be undertaken to help (re)insurers make sound and informed risk tolerance decisions and help create a cyber market sufficiently robust to withstand these catastrophic events.”
However, although the report paints a concerning picture, it deals specifically with insured losses.
According to a Lloyd’s of London report earlier this year, a massive 86% of total economic losses are uninsured. It predicted a major global ransomware attack could therefore cost organizations an estimated $166bn once reimbursements from insurers have been accounted for.