Cyber risk analytics firm Cyence and specialty insurance market Lloyd’s of London in July 2017 published a joint report that explores the financial impact on insurers of two specific cyber scenarios in terms of dollars and probabilities. Cyence’s economic modeling platform for cyber risk identified and quantified the potential outcomes that could affect insurance companies’ cyber portfolios. The report focused on two increasingly common cyber events: a cloud service provider outage and a major, zero-day vulnerability exploit falling into the wrong hands. In each scenario modeled, total losses reached into the tens of billions for extreme return periods.

• Bad actors cause cloud service outages: In the first scenario, a group of “hacktivists” inserts a malicious modification to an infrastructure’s code that can be exploited to trigger system-wide failures, leading to widespread service and business interruption. In this scenario and across all industries, extreme loss simulations are estimated at $53 billion in just 2-3 days.
• Human error causes zero-day to fall into the wrong hands: In the second scenario, a zero-day vulnerability affecting all versions of an operating system used by 45 percent of the global market falls into the hands of a malicious actor, who develops system exploits and attacks vulnerable businesses for financial gain. That cyber scenario could cause estimated losses totaling $28.7 billion.

In compiling this report, Cyence and Lloyd’s collaborated with a team of economic modelers and experts from the cybersecurity and cyber insurance industries; furthermore, underwriters from Lloyd’s provided feedback and identified implications for the emerging cyber insurance industry.

Lloyd’s estimates the global cyber market currently is worth between $3 – $3.5 billion.

The full report can be downloaded here ; it includes many definitions, examples, and references.