Lloyd’s and the University of Cambridge’s Centre for Risk Studies have launched a new report: Business Blackout. This joint report is the first to examine the insurance implications of a major cyber attack, using the U.S. power grid as an example.
The report depicts a scenario where hackers shut down parts of the U.S. power grid, plunging 15 U.S. states and Washington DC into darkness and leaving 93 million people without power. Experts predict it would result in a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses.
The total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario. The cyber attack scenario shows the broad range of claims that could be triggered by disruption to the US power grid, with total amount of claims paid by the insurance industry estimated at $21.4 billion, rising to $71.1 billion in the most extreme version of the scenario.
Speaking about the new report, Tom Bolt, director of performance management at Lloyd’s, said:
“This scenario shows the huge impact and havoc that could result from a major cyber attack on the United States. The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.
“As insurers, we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments. This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.”
“Governments also have a role to play. We need them to help share data, so we are able to accurately assess risk and protect businesses.”
The full report can be downloaded at www.lloyds.com/businessblackout
Lloyd’s has been working with the UK Government and other insurers to develop London as a global centre for cyber risk management.
Lloyd’s produced this report to help underwriters operating in the Lloyd’s market identify these previously unconsidered cyber attack impacts on insurance and risk. The scenario described in this report is relevant to stress and scenario testing required under the Solvency II framework: although unlikely, it represents a class of events with a probability thought to be well within the benchmark return period of 1:200 years against which insurers must be resilient.
Scenarios are not predictions; they explore what might happen based on past events and scientific, social and economic theory. In a world of emerging risk, it is not possible to achieve certainty regarding the nature and scale of threats faced by insurers – as such the insurance industry must be resilient to uncertainty.
Lloyd’s developed the scenario and its likely impacts with researchers from Cambridge Centre for Risk Studies at University of Cambridge Judge Business School.