A cyber attack that disrupts a wide range of cloud services could lead to economic losses of as much as US$53 billion, according to a study released today by Lloyd’s of London.
Should a sophisticated group of “hacktivists” manage to gain control of cloud service providers that serve a large pool of customers, the bank and insurance company said the disruption would be widespread and businesses would be interrupted.
The cost it estimated is similar to that of major disasters such as hurricanes.
And the cause? Lloyd’s says all it takes is for a hacker group to make a malicious modification to a “hypervisor” that controls cloud infrastructure, causing multiple services to fail.
To come up with the predictions, Lloyd’s reviewed data, interviewed experts and calculated the potential losses through its economic risk models.
“Recent malware attacks only highlight the urgency for companies to mitigate against cyber risks. Asia is particularly vulnerable given its dynamic digital transformation,” said Kent Chaplin, CEO of Lloyd’s Asia Pacific.
“The understanding of cyber liability and risk exposures is still relatively underdeveloped compared with other insurance classes,” he added, in a media release.
In a separate scenario, Lloyd’s estimates that a mass vulnerability attack on an operating system could lead to as much as US$28.7 billion in losses.
This could be the worst-case scenario, should a newly found vulnerability in software used in, say, 45 per cent of the world fall into the hands of criminals who use it to attack vulnerable businesses, according to Lloyd’s.
The source of this could be as innocuous as a cyber analyst losing a report on the vulnerability on a train, which is then stolen and traded on the dark Web by criminals and used against businesses, it adds.
Lloyd’s may not mention it directly, but the scenario is reminiscent of the WannaCry and Petya malware used by criminals to lock up thousands of computers and ask for ransom in recent weeks. That malware was created from tools first developed by, and then stolen from, the United States government.