Lloyd’s and the University of Cambridge’s Centre for Risk Studies recently released a new study examining the insurance implications of a large scale cyberattack targeting the US power grid.
The report examines scenarios in which hackers crash sections of the US power grid in 15 states and Washington, DC – an attack that could leave 93 million people in the dark. The report claims that the blackout would result in a “rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses.”
In the end, the damage to the US economy would be anywhere from $243 billion to $1 trillion depending on the scenario. It estimates that insurance claims related to the blackout could range between $21.4 billion to $71.1 billion depending on the severity of the attack.
Tom Bolt, director of performance management at Lloyd’s, said, “This scenario shows the huge impact and havoc that could result from a major cyber attack on the US. The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm. As insurers, we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments. This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.”
Dr. Andrew Coburn, Director of the Advisory Board of the Cambridge Centres for Risk Studies and Senior Vice President of RMS Inc. said, “This scenario represents an extreme event that is unlikely, but plausible. We have analysed the groups who might carry out such an attack, their motivation and capabilities. We have looked at the form the attacks might take and the difficulties the perpetrators would have in overcoming the defences that are in place to protect against these types of attacks. Using a detailed technical analysis of how a cyber attack could be carried out and what it would do, we can set out a realistic stress test for portfolio management.”