According to a poll done by Morning Consult firm, cyber attacks are just behind terrorism attacks on the list of biggest threats to the US, it has been estimated that the insurance industry could face losses of about $21 billion. That poll was conducted in the period between May 29 and May 31 by interviewing a national sample of 2,173 registered voters.
Nearly 36 percent of voters consider acts of terrorism atop a list of major security threats, followed by cyber attacks at 32 percent.
According to the Lloyd’s of London, cyber attacks would have a significant impact on multiple types of insurance
As reported in the “Business Blackout“, a joint report by Lloyd’s and the University of Cambridge’s Centre for Risk Studies, the insurance implications of a cyber attack on the US power grid could have a catastrophic impact.
The “Business Blackout” report tries to describe the impacts of a cyber attack on the national power grid, which causes an electrical blackout that plunges 15 US states and principal cities, including New York City and Washington DC, into darkness. Nearly 93 million people will remain without power in the scenario hypothesized by the study.
The experts simulate a malware-based attack which is able to infect the imaginary ‘Erebos’ trojan electricity generation control rooms in several locations in the Northeastern United States. The attack will cause health and safety systems fail, disrupting water supplies as electric pumps fail. The chaos will reign causing the failure of main services, including transportation. The malware is able to infect the Internet and search and compromise 50 generators that it will destroy, causing prolonged outages in the region.
The total of claims paid by the insurance industry is estimated to be included in the interval comprised between $21.4bn and $71.1bn, depending on the evolution of the scenarios designed by the researchers.
In this scenario, the researchers estimated the economic losses could range from $243 million to $1 trillion, depending on the number of components in the power grid compromised by the attack.
“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.” states the report.
The researchers analyzed the “historical outages” estimating that currently the power interruptions, most of which last five minutes or less, already cost the US about $96 billion. The cost related to a prolonged outage is likely to be included in the range of $36 billion to $156 billion. The Commercial and industrial sectors are the sectors most impacted by the attack on the power grid due to their dependency on the electricity supply.
“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn8 annually.9 However, uncertainty and sensitivity analysis suggest this figure may range from $36bn to $156bn.” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”
It is the first time that the insurance industry propose a similar report, the estimates provided are merely indicative due to the large number of factor that can influence the cost, anyway it is important to understand the hish risks of a cyber attack against a critical infrastructure like a power grid and the necessity to adopt an effective cyber strategy to improve their security.
(Security Affairs – Power Grid, critical infrastructure)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.