SAN MATEO, Calif., July 17, 2017 /PRNewswire/ -- Cyence, the leading cyber risk analytics firm, and Lloyd's of London, the world's leading specialty insurance market, today announced a joint report that explores the financial impact of two specific cyber scenarios and highlights the importance of measuring cyber risk in terms of dollars and probabilities. Leveraging Cyence's economic modeling platform for cyber risk, the extensive analyses identified and quantified the potential, detrimental outcomes that could affect insurance companies' cyber portfolios. The report focused on two increasingly common cyber events: a cloud service provider outage and a major, zero-day vulnerability exploit falling into the wrong hands.
The report concludes that cyber losses have grown in severity to the point of rivaling major hurricanes in their total potential damages. In each scenario modeled, total losses reached into the tens of billions for extreme return periods.
- Bad actors cause cloud service outages: In the first scenario, a group of "hacktivists" set out to disrupt cloud service providers' infrastructure to draw attention to the environmental impacts of cloud-based businesses. The group inserts a malicious modification to an infrastructure's code that can be exploited to trigger system-wide failures, leading to widespread service and business interruption. Across all industries, Cyence's extreme loss simulations are estimated at $53 billion in just 2-3 days.
- Human error causes zero-day to fall into the wrong hands: In the second scenario, a hard copy of a zero-day vulnerability report affecting all versions of an operating system used by 45 percent of the global market makes its way into the hands of a malicious actor by human error. This report is purchased on the dark web by criminal parties who develop system exploits and attack vulnerable businesses for financial gain. Cyence calculated that a cyber scenario of this scale could cause estimated losses totaling $28.7 billion.
Today, Lloyd's estimates the global cyber market is worth between $3 - $3.5 billion (Stanley, 2017). This report was designed to deepen insurers' and risk managers' understanding of cyber risk exposure to improve portfolio exposure management, set appropriate limits and expand confidently into this quickly-growing line of insurance. Furthermore, these scenarios will be critical in moving the industry as a whole toward a standardized approach of measuring cyber risk in the wake of the growing number of high-profile cyber events.
"This report's findings suggest economic losses from cyber events have the potential to be as large as those caused by major hurricanes. Insurers could benefit from thinking about cyber cover in these terms and making explicit allowances for aggregated cyber-related catastrophes. To achieve this, data collection and quality is important, especially as cyber risks are constantly changing," said Trevor Maynard, head of innovation at Lloyd's.
"To date, no computer has been created that could not be hacked—a sobering fact given our radical dependence on these machines for everything from our nation's power grid to air traffic control to financial services. Economic losses are growing exponentially and all companies need a strategy to mitigate cyber risk in today's world," said Marc Goodman, advisor to Cyence and global cyber risk strategist.
In compiling this report, Cyence and Lloyd's collaborated with a team of economic modelers and experts from the cybersecurity and cyber insurance industries. The research process accounted for everything from commonly adopted technologies used across industries to non-technical factors that vary widely like people and processes. Additionally, underwriters from the Lloyd's Market Association participated in a series of workshops to provide feedback and identify implications for the emerging cyber insurance industry.
"Collaborating with Lloyd's market groups and technical third-party experts allowed us to ensure these scenarios were plausible and relevant to the insurance risk management community," said George Ng, chief technology officer and co-founder at Cyence. "Our goal is to arm companies with a common framework to discuss and understand cyber risk in a big picture, accessible manner. It's a complex and constantly evolving landscape, but with our economic modeling-based approach, we can confidently move the market closer to the standardized aggregation frameworks and resiliency models common to traditional Property & Casualty insurance coverage lines."
With expertise earned over centuries, Lloyd's is the foundation of the insurance industry and the future of it. Led by expert underwriters and brokers who cover more than 200 territories, the Lloyd's market develops the essential, complex and critical insurance needed to underwrite human progress. Backed by diverse global capital and excellent financial ratings, Lloyd's works with a global network to grow the insured world – building resilience for businesses and local communities and strengthening economic growth around the world.
Cyence empowers the insurance industry to understand the impact of cyber risk in the context of dollars and probabilities. Cyence's unique approach combines economic/risk modeling, cybersecurity and big data analytics to create an economic cyber risk modeling platform. Cyence's platform and analytics are leveraged by leaders across the insurance industry to help understand and manage cyber risk, as well as to roll out new transformative insurance products.