Annual, global losses from cyber attacks could reach as much as $6 trillion as the world continues to become more interconnected via advanced technology, such as the Internet of Things, according to cyber risk expert and former head of the FBI’s cyber unit, James Trainor.
Addressing an audience at the 2017 Guernsey Insurance Forum held in London recently, Trainor stressed that recent annual loss estimations from cyber attacks are now hugely understated, with the potential loss most likely being far greater than many realise.
According to a 2014 study by the Centre of Strategic and International Studies, annual losses from cyber crimes amounted to $445 billion. However, Trainor feels this number is vastly underestimated.
“Various organisations have done research, over the last couple of years, and some suggest that the figure will go up to six trillion.
“The Internet of Things is a perfect example; there’s about six or seven billion devices connected to the internet now. That number could go up to 20 or even 50 billion devices in the next three to five years, so more connectivity means more opportunities to do denial-of-service attacks, more vectors into your network, more opportunities to crypt those devices to make money,” said Trainor.
The $6 trillion figure is based on 2016 research undertaken by Cybersecurity Ventures.
Far-reaching, global connectivity was one of the biggest reasons for higher annual losses from cyber crime, according to Trainor. But he also highlighted the lack of insurance protection for the peril, which is driving a cyber risk protection gap.
“I’m not sure six trillion is the real number, but I do know the insurance premiums that are coming in, which is about $3 billion annually on cyber. So, whether it’s $445 billion or six trillion, there’s only three billion in capital – that’s a significant gap. Essentially, companies are absorbing the losses for this,” he said.
Adding; “That’s why I call cyber somewhat of a team sport, meaning that companies have to do a better job of protecting their network, the insurance industry has to bring more capital into the industry to cover the losses and government has to do a better job of disrupting it.”
Cyber is viewed as one of the insurance and reinsurance sectors biggest opportunities and challenges, and while products do exist, some being more effective than others, the industry is yet to fully grasp the peril.
Part of the issue concerns modelling and understanding an inherently complex exposure, which is only likely to increase as technology advances and the world continues to become a more connected place.
“If cyber security’s very complicated, cyber insurance is equally complicated. The past is less indicative of the future in cyber. We don’t have 350 years of actuarial data to underwrite cyber risk – the threat evolves. Ransomware is a perfect example of how the threat has evolved over the last three years. It went from getting paid from a credit card or PayPal to now having to do the transaction entirely on Tor, which is an anonymised browser, and pay via a virtual currency,” said Trainor.