Disruption of cyber-attack scenario detailed

by Annette Whitfield 10 Jul 2015

Disruption of cyber-attack scenario detailed

Loss of life, trillions of dollars in economic losses and the disruption of essential utilities would be some of the implications of a cyber-attack on the power grid in the US, according to a new report.

Business Blackout, a report undertaken by Lloyd’s of London and the University of Cambridge’s Centre for Risk Studies, took an attack on the US power grid as an example in order to examine the economic and insurance implications and their interconnectivity.

In the scenario, hackers destabilise parts of the US power grid plunging 15 states into darkness and leaving 93 million people without power.

Experts predicted there would be a rise in mortality rates as health and safety systems failed; a decline in trade as ports shut down; disruption to water supplies as electric pumps failed and chaos to transport networks as infrastructure collapsed.

Director of performance management at Lloyd’s, Tom Bolt, said: “This scenario shows the huge impact and havoc that could result from a major cyber-attack on the US.

“The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.

“As insurers we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments.

“This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.”

The scenario demonstrated the broad range of insurance claims that could be triggered, with total amount of claims paid by the insurance industry estimated at $24.1 billion, a figure that the report says could rise to $71.1 billion in the most extreme version of the scenario.

The report estimated that commercial property, energy and cyber insurance lines would suffer the most losses but predicted losses in many lines: cyber (standard data breaches advanced property); property insurance (including homeowners, personal contents, commercial and construction); casualty insurance (including workers’ compensation, directors and officers, errors and omissions, financial lines, healthcare liability and professional lines); marine and cargo insurance; aerospace; energy; specialty lines including accident and health, aquaculture, equine and surety; war and political risk (including kidnap and ransom and product recalls); agriculture (crop, livestock, forestry and agriculture); and life and health insurance.

At the same time, it estimated that claims would decrease somewhat in both personal and commercial auto insurance.

Bolt said governments also had a role to play by sharing data so that insurers could accurately assess risk and protect businesses.

He said responding to the challenges would demand collaborations harnessing insurers’ multidisciplinary expertise.

Insurers would need to enhance the quality of data available and to continue the development of probabilistic modelling for cyber risk, which would require the sharing of cyber-attack data and pooling of claims information.