Report says an international ransomware attack could cost U.S. $89 billion

Feb. 11, 2019
The region faces the highest level of economic damage in new ransomware scenario created by Cyber Risk Management (CyRiM) project

NEW YORK, Jan. 29, 2019 /PRNewswire/ -- An international ransomware attack could cost the U.S. $89 billion, accounting for nearly half of the $193 billion global price tag for an attack, according to a new report from the Cyber Risk Management (CyRiM) project, of which Lloyd's of London is a founding member.

The cyber-attack – which launches through an infected email, encrypts data on every device connected to the network, and has the potential to spread quickly around the world – causes damages at 600,000 companies, ranging from premier institutions to small businesses.

The catastrophic losses in the U.S. result from a combination of reduced productivity and consumption, IT clean-up costs, ransom payments and supply chain disruption.

The new report, 'Bashe attack: Global infection by contagious malware', shows that across the U.S. an attack would cause economic damage to a wide range of business sectors. Globally, retail and healthcare are the most affected ($25 billion each) and in the U.S. the financial sector also tops the list.

"According to Lloyd's City Risk Index, a cyber-attack is the second greatest threat to the U.S. economy – in large part due to the increasing impact of attacks as the U.S. and global economies become more dependent on and driven by technology," Hank Watkins, Regional Director and President, Americas at Lloyd's, said. "While awareness of the threat posed by cyber-attack and the global insurance industry's response has been growing in the U.S., it's more important than ever for companies, individuals and organizations to anticipate and prepare for breaches.  While not a new form of cyber-attack, WannaCry, NotPetya and subsequent events have demonstrated the potentially devastating impact of ransomware."

The report shows that companies are underprepared for such an attack, with 86 percent of the total economic costs uninsured.

Additionally, Dr. Trevor Maynard, Head of Innovation at Lloyd's, said, "This report shows the increasing risk to businesses from cyber-attacks as the global economy becomes more interconnected and reliant on technology. Companies must ensure they are better prepared for ransomware attacks, and that includes working with insurers to reduce the risks before they are attacked and ensure they have the right insurance cover in place to respond after the event. The reality for business is it's not a question of if you get attacked, but when."

About Lloyd's

  • Lloyd's is the world's specialist insurance and reinsurance market – www.lloyds.com 
  • Led by expert underwriters and brokers in more than 200 territories, Lloyd's market develops the essential, complex and critical insurance needed to underwrite human progress.
  • Backed by diverse global capital and excellent financial ratings, Lloyd's works with a global network of over 4,000 insurance professionals to build resilience for businesses and local communities, and strengthen economic growth around the world.
  • Lloyd's underwrites approximately a third of the global cyber market, with 80% of that written in the US.
  • Lloyd's regularly publishes reports on cyber risk to inform customers on the latest developments. Recent studies include:
    • Business Blackout, which looks at the economic and insurance implications of a cyber-attack on the US power grid.
    • Facing the Cyber Risk Challenge, which found that businesses are still complacent with regards as to how a data breach can impact them, and how to prepare for it.
    • Closing the Gap, which found that businesses could face a much higher bill than they expect or are prepared for after a cyber-attack.
    • Counting the cost: Cyber exposure decoded shows the potential economic impact of a malicious hack that takes down a cloud service provider, and the impact of attacks on computer operating systems used by multiple businesses around the world.
    • Cloud Down: Impact on the US economy show the impact of a top cloud service provider failure risk and highlights the expected financial impact on 12.4 million businesses in the US.

About CyRiM

  • The Cyber Risk Management (CyRiM) project is led by Nanyang Technological University – Insurance Risk and Finance Research Centre (NTU-IRFRC) in collaboration with industry partners and academic experts including the Cambridge Centre for Risk Studies.
  • The project is overseen by a Project Oversight Board consisting of representatives from the Monetary Authority of Singapore (MAS), Cyber Security Agency of Singapore (CSA), NTU-IRFRC and CyRiM industry founding members.
  • CyRiM industry founding members include Aon Centre for Innovation and Analytics, Lloyd's - the specialist insurance and reinsurance market, MSIG, SCOR and TransRe.
  • CyRiM is a pre-competitive research project that aims to foster an efficient cyber risk insurance market place through engaging industry and academic experts guided by government and policy level research.
  • The CyRiM project will help Singapore become an industry center of excellence on cyber risk and grow the cyber risk insurance market by promoting both the demand and supply of insurance coverage.