The WannaCry ransomware attack in May cost $8 billion across 100 countries, says Lloyds.
According to Cyence: "The insurance industry requires an economic model around cyber-risk, which not only addresses the question on frequency (probability), but also answers questions on severity (how bad is the event going to be?), financial loss (how much is it going to cost?), and recurrence (if a company had an event, what is their probability of having a follow-on event?)".
The report, co-written with risk-modeling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber-attacks on computer operating systems run by businesses worldwide. "Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality". The WEF has called for building resilience as these risks become increasingly tangible.
A major global cyber-attack could mean economic losses of $53 billion (£40bn) on average and up to $121bn, comparable with natural disasters such as Hurricanes Katrina or Sandy, according to Lloyds of London.
The losses caused by such an attack range from as little as $15bn to as much as $121bn, with a $53bn average estimate, Lloyds said, with as much as $45bn of uninsured losses. Unlike traditional property insurance where aggregation is monitored by physical locations, cyber insurance aggregation can span connected systems that extend beyond physical geographies.
In the mass software vulnerability scenario, the average losses range from $9.7 billion for a large event to $28.7 billion for an extreme event. However, the high-end of things could push that number up to as high as US$121 billion, which could lead to companies being unable to claim losses from insurers due to a lack of coverage.
Analysis in the report shows that for this scenario the protection gap could be as high as $45 billion, meaning that roughly $20.6 billion, or less than 17% of the economic loss would be covered by re/insurance protection. The underinsurance gap could be as high as United States dollars 26 billion for the mass vulnerability scenario - meaning that just 7 percent of economic losses are covered.
Inga Beale, chief executive of Lloyd's, said the report provides "a real sense" of the scale of damage a cyber attack could cause the global economy, according to The Guardian. "To achieve this, data collection and quality is important, especially as cyber risks are constantly changing".