A major cyber attack on a significant financial services payment system has the potential to unleash widespread business disruptions and could cost the global economy a staggering $3.5 trillion over a five-year span, warns a research study from Lloyd’s and the Cambridge Centre for Risk Studies.
Furthermore, while the cyber insurance market is growing, it remains relatively immature, with an estimated value of approximately $9.2 billion in gross written premiums for 2022 and a projected growth to between $13 billion and $25 billion by 2025. This limited market capacity means that Lloyd’s and similar insurers would only cover a fraction of the possible economic losses faced by businesses and society. In this scenario, the United States would be the hardest-hit, with potential losses of $1.1 trillion over five years, followed by China at $470 billion and Japan at $200 billion.
Additionally, Lloyd’s Chairman Bruce Carnegie-Brown underlines the critical role of insurance in building resilience against systemic cyber risks that threaten businesses and society. The study highlights the interconnected nature of cyber risks, emphasizing the need for knowledge sharing and cooperation among government, industry, and the insurance market to bolster society’s ability to mitigate this risk.
Lloyd’s, where more than a fifth of the world’s cyber premiums are placed, anticipates that the wider adoption of cyber insurance will lead to a positive feedback loop. As underwriters gain more insights into cyber risks, they will develop more tailored and appealing products, thereby increasing demand.
At the same time, the research investigates nine hypothetical but plausible systemic risk scenarios and includes an interactive data tool allowing users to assess the potential economic impact of each scenario across 107 countries at varying severity levels (major, severe, and extreme). The estimated economic losses range from £2.2 trillion in the least severe scenario to $16 trillion in the most extreme scenario.
The probabilities of these scenarios occurring within the next five years are based on various risk factors, with the cyber scenario having probabilities for each severity: major (3.32%, 1 in 30-year), severe (0.50%, 1 in 200-year), and extreme (0.12%, 1 in 1,000-year). Lloyd’s defines “systemic risk” as low likelihood, high impact risks that affect systemically important global enterprises or multiple sectors, societies, or national economies, often with a global impact affecting billions of people concurrently.