This report, produced by the Centre for Risk Studies alongside partners as part of the Cyber Risk Management (CyRiM) project, reveals that a global ransomware cyber-attack could cost $193 billion and affect more than 600,000 businesses worldwide.
In this report’s scenario, the ransomware attack is launched through an infected email, which once opened is forwarded to all contacts and within 24 hours encrypts all data on 30 million devices worldwide. Companies of all sizes would be forced to pay a ransom to decrypt their data or to replace their infected devices.
This report shows that a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, IT clean-up costs, ransom payments and supply chain disruption.
Despite the high costs to business, the report shows the global economy is underprepared for such an attack with 86% of the total economic costs uninsured, leaving an insurance gap of $166bn.
Among the key findings:
- The report challenges assumptions of global preparedness for a cyber-attack of this nature and scale.
- It highlights lessons for the insurance sector in terms of policy, legal and aggregation issues in cyber insurance offerings.
- It also identifies opportunities for insurers to expand their business in insurance classes associated with ransomware attacks.