News of cyber attacks barely raises an eyebrow at the moment, given their frequency. Neither does eye-watering estimates on the overall size of the issues - such as the recent Lloyds of London warning.
However, organisations can struggle to understand what this means for them - leading to an over or under-reaction, both of which can have worrying consequences.
Following a vulnerability assessment however, it is possible to put a specific financial number/range on cyber-risk, through scoring the results of the assessment, compliance and enterprise-wide governance. This allows organisations to take more informed decisions on how to manage cyber risk.
Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than $120bn (£92bn) – as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy. Published two months after a ransomware cyber-attack that hobbled NHS hospitals and hit nearly 100 countries, a 56-page report from the world’s oldest insurance market says the threat posed by such global attacks has spiralled and poses a huge risk to business and governments over the next decade. The most likely scenario is a malicious hack that takes down a cloud service provider with estimated losses of $53bn, according to Lloyd’s. This is the average estimate, but because of the uncertainty around calculating cyber losses it estimates the figure could be as high as $121bn or as low as $15bn.