E conomic losses from cyber events have the potential to be as large as those caused by major hurricanes, yet less than 20% of losses are covered by insurance, according to Lloyd’s in a report co-written with risk modelling firm Cyence.
The study, using scenarios to quantify potential damages, looked at the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems run by businesses worldwide.
For the cloud service disruption scenario in the report, these losses range from US$4.6 billion for a large event to $53.1 billion for an extreme event; in the mass software vulnerability scenario, the losses range from $9.7 billion for a large event to $28.7 billion for an extreme event.
Insurance gap
Cyber attacks have the potential to trigger billions of dollars of insured losses. For example, in the cloud services scenario insured losses range from $620 million for a large loss to $8.1 billion for an extreme loss. For the mass software vulnerability scenario, the insured losses range from $762 million (large loss) to $2.1 billion (extreme loss).
The scenarios show there is an insurance gap of between $4 billion (large loss) and $45 billion (extreme loss) in terms of the cloud services scenario – meaning that between 13% and 17% of the losses are covered, respectively. The underinsurance gap is between $8.9 billion (large loss) and $26.6 billion (extreme loss) for the mass vulnerability scenario – meaning that just 7% of economic losses are covered.
Insurers
The report, which was designed to increase insurers’ and risk managers’ understanding of cyber risk liability and aggregation, said that insurers could benefit from thinking about cyber cover in these terms and make explicit allowance for aggregating cyber related catastrophes.
To achieve this, data collection and quality is important, especially as cyber risks are constantly changing, said the report. A