Cyberattack on major payment system could cause $3.5T loss, Lloyd's says
The U.S., China and Japan would be the hardest hit if the hypothetical, but plausible, scenario unfolded, according to the London market.
A cyberattack on a major financial services payment system could result in widespread business disruption and potentially result in $3.5 trillion in global economic losses over a five-year period, according to research from Lloyd’s of London and the Cambridge Centre for Risk Studies.
To come at the sum, the London market and academic institution ran nine hypothetical, yet plausible, systemic risk scenarios across major, severe and extreme levels of severity. The $3.5 trillion figure is the weighted average across all three severities modeled, according to Lloyd’s, which used global GDP as its central measurement when running the scenarios. The range of potential losses following such as cyberattack stretch from $2.6 trillion to a high of $16 trillion in the most extreme scenario.
The U.S. would bear the brunt of the economic fallout, with Lloyd’s pegging the country’s potential losses at more than $1 trillion over a five-year period. China is projected to see the second most losses, estimated at $470 billion, while Japan would round out the top three with an estimated economic loss of $200 billion.
Bruce Carnegie-Brown, Lloyd’s of London chairman, said in a statement: “The global interconnectedness of cyber means it is too substantial a risk for one sector to face alone and therefore we must continue to share knowledge, expertise and innovative ideas across government, industry and the insurance market to ensure we build society’s resilience against the potential scale of this risk.”
How extreme is ‘extreme’
When running the models, a major event was one that resulted in the failure of key IT functionality, including business-critical operational systems within financial services, according to Lloyd’s, which noted there is a 1 in 30 year probability of such a cyber breach occurring.
The severe incident model, which has a 1 in 200-year probability, considered the impact of a cyber infestation of malware in a major payment system. Should this occur, Lloyd’s projected that businesses’ systems and services would be disabled for a long time, and that organizations would experience minor disruptions and severe data breaches.
In the most extreme scenario, one in which ransomware significantly infects hardware, systems and services would be down for a long time and extreme disruption would occur. Fundamental transaction data and backups would be severely compromised and the ability to trust primary data sources would come into question. The most extreme scenario has a 1 in 1,000 year probability.
The London market noted that none of these scenarios have any historical reference as none have occurred yet.
Related: