Data breaches are more damaging than many natural disasters

A catastrophic data breach could cost the global economy $121 billion (about £92 billion), according to a study by Lloyd’s of London.

The report says that the most likely scenario for a massive data breach is an attack on a Cloud service provider. It estimates this would cause losses of $53 billion (£40 billion), but because of the difficulty in calculating cyber losses, that figure could realistically be as high as $121.4 billion (£92 billion) or as low as $15.6 billion (£11 billion).

These figures suggest that economic losses from cyber events could be even more damaging than many natural disasters. For instance, the damage wreaked by Hurricane Katrina was estimated at $108 billion (£80 billion), the majority of which came from insured losses. Hurricane Sandy is estimated to have caused economic losses of $50 billion (£38 billion), and the eruption of Iceland’s Eyjafjallajökull volcano cost an estimated $5 billion (£3.8 billion).

Biggest costs are insurance pay-outs

As with natural disasters, the financial cost of cyber attacks is likely to be dominated by insurance pay-outs. In Lloyd’s Cloud services example, insured losses would range from $620 million (£470 million) for a large loss to $8.1 billion (£6 billion) for an extreme loss. The report adds:

When assessing current estimated market premiums against the forecasted cyber scenario insurance loss estimates set out in the report, it is apparent that a single cyber event has the potential to increase industry loss ratios by 19% and 250% for large and extreme loss events, respectively. This illustrates the catastrophe potential of the cyber-risk class.

Inga Beale, chief executive of Lloyd’s, told the Guardian: “This report gives a real sense of the scale of damage a cyber-attack could cause the global economy. Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies, trigger multiple claims and dramatically increase insurers’ claims costs.”

The findings of the Lloyd’s study support a World Economic Forum analysis of the largest risks to doing business, which Lloyd’s cites in its report. Cyber attacks were deemed the twelfth largest risk, ahead of extreme weather events (nineteenth) and natural catastrophes (twentieth).

Protect against cyber attacks

There are many steps you can take to mitigate the threat of cyber attacks, but one of the most important is penetration testing.

Penetration tests are simulated real-world attacks on a network or application. They identify vulnerabilities that an attacker could exploit and help you address weaknesses in your cyber defences. Almost every major organisation in the world has a penetration testing programme, and although smaller organisations’ cyber security budgets might be limited, they shouldn’t underestimate the importance of regular penetration testing.

IT Governance offers a variety of penetration testing packages, including tests of your web applications, wireless networks and employees’ susceptibility to phishing emails. If you book annual tests over the next two or three years, you can receive a discount of 10% or 20%.

Find out more about our penetration testing packages >>