Liz Booth examines two recent incidents that have raised the stakes on cybersecurity.
It seems we see warnings about cyber risks almost daily but, in recent times, a couple of these warnings have stood out. First, it was the news that hackers have infiltrated computer chips and potentially have access to millions of devices worldwide; then came the latest news about the cost of a major cloud provider failure. This all comes as Europe prepares for the implementation of the General Data Protection Regulation (GDPR) which, for the first time, puts the price of a data breach at 4% of global turnover. As one insurance broker was quoted as saying: "It is the first time we can truly quantify the potential claims cost."
Earlier this year, Lloyd's, in partnership with risk modeller AIR Worldwide, launched a new report, Cloud Down -- The Impacts on the US Economy, which analyses losses for 12.4 million US organisations following the failure of a cloud provider. It also proposes an alternative approach to help insurers model these risks, which are typically harder to assess than other perils such as natural disasters because of the complex and highly interconnected nature of the digital world.
In the report, it is revealed that companies outside of the Fortune 1000 -- who are more likely to use cloud provider services -- would carry a larger share of the economic and insurance losses than Fortune 1000 companies. However, the biggest 1,000 companies in the US would still carry 38% of economic losses.
KEY REPORT FINDINGS INCLUDE:
- An extreme cyber incident that takes a top cloud provider offline in the US for three to six days would result in economic losses of $15bn and up to $3bn in insured losses;
- Businesses outside the Fortune 1000 would carry a 63% share of economic losses and 57% of insured losses -- indicating that they are at the highest risk;
- Fortune 1000 companies would carry 37% of economic losses and 43% of insured losses;
- Like any model result, these figures have uncertainty and AIR estimates a 95% confidence interval of $11bn--$19bn around the central estimate of $15bn.
If a top cloud provider went down:
- Manufacturing would see direct economic losses of $8.6bn;
- Wholesale and retail trade sectors would see economic losses of $3.6bn;
- Information sectors would see economic losses of $847m;
- Finance and insurance sectors would see economic losses of $447m;
- Transportation and warehousing sectors would see economic losses of $439m.
Only a few days before the cloud provider failure report, warnings had come of the increased cyber threat after it emerged major computer firms were battling to patch a security breach in their computer chips.
Matt Sumpter, underwriting director, technology and cyber risks, CNA Hardy, warns: "Personal and business systems may be affected and given the issue appears to extend to cloud providers, there may be an immediate threat, particularly to businesses large and small that use cloud-based data centers or webhosting to run their businesses."
However, there is a silver lining, he believes: "In a sense the timing is fortunate -- if this had happened [after] the implementation of GDPR, which comes into effect in May, the ramifications of this failure could have been much wider.
"This incident reinforces the need for companies to stay vigilant. A security strategy that ensures IT assets are expertly managed has never been more critical in the defence against cyber exposure and the related business continuity and revenue risks."