Lloyd's Report Looks at "Plausible Scenario" Single Cyber Attack
November 01, 2019
According to the latest report1 from Lloyd's, titled Shen Attack: Cyber Risk in Asia Pacific Ports, a single cyber attack on major ports across Asia-Pacific could cost $110 billion, which is roughly equivalent to half of all losses from natural catastrophes globally in 2018.2
These losses could occur in an extreme scenario in which a computer virus infects 15 ports across Japan, Malaysia, Singapore, South Korea, and China, according to the report.
Despite the high costs to business and international trade, the report showed that the global economy is underprepared for such an attack, with 92 percent of the total economic costs uninsured, leaving a potential insurance gap of $101 billion.
An attack via a computer virus carried by ships could scramble the cargo database records at major ports and lead to severe disruption, according to the "plausible scenario" depicted in the report. Although the virus only directly affects ports in Asia-Pacific, economic losses would be felt around the world due to the global interconnectivity of the maritime supply chain.
An attack of this scale targeted at ports would cause substantial economic damage to a wide range of businesses through reduced productivity and consumption, incident response costs, and supply chain disruption.
The report estimated the following outcomes.
Transportation, aviation, and aerospace sectors would be the most affected ($28.2 billion of economic losses in total), followed by manufacturing ($23.6 billion) and retail ($18.5 billion).
Productivity losses would affect each country that has bilateral trade with the attacked ports. Asia would be the worst affected region, set to lose up to $27 billion in indirect economic losses, followed by $623 million in Europe and $266 million in North America.
Other key findings from the report were as follows.
The transportation sector in Singapore would take the biggest economic hit, followed by the same sector in South Korea.
"Business interruption" and "contingent business interruption" insurance coverages would be the main drivers of the insured losses (60 percent of the loss in the most extreme version of the scenario).
Nonaffirmative cyber, meaning cyber risk that is not explicitly mentioned in an insurance policy, would account for up to 57 percent of the total insured losses.
Insurance claims would arise from port operators (50 percent of insured losses), companies along the supply chain (21 percent of insured losses), and logistics and cargo handling companies (16 percent of insured losses).
Dr. Andrew Coburn, chief scientist at the Cambridge Centre for Risk Studies, said, "This report highlights the vulnerability of the interconnectivity of the global economy, and how disruption of marine cargo shipments causes widespread loss in supply chains and business operations."
Andrew Mahony, head of Cyber Solutions, Risk, Asia at Aon, added, "The Shen Cyber Attack Scenario highlights the complicated impact of supply chain disruption in the cyber context. For organisations, it presents a chance to review both direct exposure to the financial impact of a complex cyber-attack and the indirect financial impact of such an attack in an interconnected economy."
He continued, "For insurers, the Shen Cyber Attack provides a useful model through which to view accumulation risk and is a good reminder of the need to carefully manage contingent business interruption coverage."
- Shen Attack: Cyber Risk in Asia Pacific Ports was produced by the University of Cambridge Centre for Risk Studies, on behalf of the Cyber Risk Management (CyRiM) project, in partnership with Lloyd's and other contributors.
- Last year, a total of 394 natural catastrophes generated economic losses of $225 billion, according to Aon's Weather, Climate and Catastrophe Insight: 2018 Annual Report.
November 01, 2019