Lloyd’s and Cyence have produced a report that highlights potential economic losses of up to $121 billion from cyber attacks with less than a fifth being covered by re/insurance, revealing a cyber protection gap in the tens of billions of dollars.
The report looks at both a cloud service provider hack and a mass vulnerability attack scenario, and highlights potential losses in the billions of dollars and a huge, and growing cyber protection gap (disparity between economic and insured losses post-event.)
“This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs. Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality,” said Inga Beale, Chief Executive Officer (CEO) of the specialist Lloyd’s insurance and reinsurance marketplace.
“We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence,” continued Beale.
Under the cloud service provider hack scenario, the report finds that average economic losses range from $4.6 billion for a large event to $53.1 billion for an extreme event. However, owing to the inherent uncertainty and complexity surrounding cyber risk and the potential for cyber aggregation, actual economic losses in an extreme event could be as high as $121.4 billion, or as low as $15.6 billion.
The report explains that these figures are “illustrated as 95% confidence ranges – the range of values that act as good estimates to cover known and unknown parameters.”
According to the report, average insurance industry losses from the cloud service provider hack scenario range from as low as $620 million for a large loss to as high as $8.1 billion for an extreme event. Analysis in the report shows that for this scenario the protection gap could be as high as $45 billion, meaning that roughly $20.6 billion, or less than 17% of the economic loss would be covered by re/insurance protection.
Under the mass software vulnerability attack scenario, economic losses range from $9.7 billion for a large event to $28.7 billion for an extreme event, with re/insurance industry losses ranging from $762 million for a large loss, to $2.1 billion for an extreme event.
The analysis reveals that under the mass software vulnerability attack scenario, the cyber protection gap is between $8.9 billion for a large event and $26.6 billion for an extreme event, which means that just 7% of the economic losses are covered by insurance protection.
The threat of cyber attacks continues to rise, and in response so to is demand for cyber coverage and the desire among insurers and reinsurers to develop adequate, affordable and effective cyber risk solutions.
As highlighted by the Lloyd’s and Cyence report, the potential economic and insured loss from a cyber event is huge and appears to be growing, and cyber scenarios such as this could help market players to better understand the potential impacts and costs of large and extreme cyber attacks.
CEO of Cyence, Arvind Parthasarathi, said; “Cyence is excited to be working with Lloyds on empowering the insurance industry to understand and model cyber risk. Leveraging Cyence’s unique cyber risk platform, we’re excited to see insurers providing more capacity, bringing innovative products to market with greater confidence and creating a more robust and sustainable insurance market.”