A global ransomware cyberattack could cost $193 billion and affect more than 600,000 businesses worldwide.
That’s the finding of a new report from the Cyber Risk Management (CyRiM) project, which presented a scenario in which an attack is launched through an infected email. In the scenario, once the email is opened it is forwarded to all contacts, and within 24 hours it encrypts all data on 30 million devices worldwide. This could mean companies of all sizes would be forced to pay a ransom to decrypt their data or to replace their infected devices.
The report, Bashe Attack: Global infection by contagious malware, estimated that retail and healthcare would be the most affected with $25 billion each, followed by manufacturing at $24 billion. Regionally, the US would be the hardest hit with $89 billion at risk, followed by Europe with $76 billion, Asia with $19 billion and the rest of the world with $9 billion at risk.
Despite this, the report suggests the global economy is underprepared for such an attack with 86% of the total economic costs uninsured, leaving an insurance gap of $166 billion.
“Companies must ensure they are better prepared for ransomware attacks, and that includes working with insurers to reduce the risks before they are attacked and ensure they have the right insurance cover in place to respond after the event,” Lloyd’s head of innovation Dr Trevor Maynard said. “The reality for business is it’s not if you get attacked but when.”
“As companies increase their reliance on technology, it is essential they increase their defences against challenges such as malware, and effective cyber insurance is a critical component of that defence,” TransRe global head of cyber Elizabeth Geary noted. “Similarly, the insurance industry must also acknowledge and appreciate the potential for systemic risk, in addition to monitoring loss frequency and severity.”
The CyRiM project is a Singapore-based public-private initiative that assesses cyber risks; Lloyd’s is one of its founding members.