A planned global cyberattack caused by ransomware has potential to wreak havoc on the global economy with potential losses hitting $200bn, reveals a new report.
The report, issued by the Cyber Risk Management (CyRiM) project – the Singapore-based public-private initiative that assesses cyber risks – estimates that the planned attack could also affect more than 600,000 businesses around the globe.
Titled ‘Bashe Attack: Global infection by contagious malware’, the report shows that a ransomware attack on a large scale will reduce productivity and consumption, increase IT clean-up costs, ransom payments and supply chain disruption.
In the report’s scenario, the attack is launched through an infected email, which, on opening, has potential to encrypt all data on 30 million devices worldwide within 24 hours.
Subsequently, companies of all sizes would be forced to pay a ransom to decrypt their data or to change their infected devices.
The report also forecasts that total claims paid by the insurance sector in this scenario would be between $10bn and $27bn, where the loss of data from the malware triggers additional claims for data and software loss.
Cyber attack: a lingering threat worldwide
The report highlights that retail and healthcare would be the most affected ($25bn each), followed by manufacturing ($24bn).
The US would be the most affected country with $89bn at risk, while Europe exposure to loss would be $76bn, with Asia losing $19bn.The rest of the world could lose $9bn.
Despite the high costs to business, the report points out that the global economy is underprepared to deal with such an attack with 86% of the total economic costs uninsured, leaving an insurance gap of $166bn.
Lloyd’s head of innovation Dr Trevor Maynard said: “This report shows the increasing risk to businesses from cyber-attacks as the global economy becomes more interconnected and reliant on technology.
“Companies must ensure they are better prepared for ransomware attacks, and that includes working with insurers to reduce the risks before they are attacked and ensure they have the right insurance cover in place to respond after the event. The reality for business is it’s not if you get attacked but when.”