LONDON • A major global cyber attack could trigger an average of US$53 billion (S$72.6 billion) of economic losses, a figure on a par with losses caused by a catastrophic natural disaster such as US Superstorm Sandy in 2012.

Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance.

The report by Lloyd's of London, released yesterday and co-written with risk-modelling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems worldwide.

"Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event," said Lloyd's of London chief executive Inga Beale.

Economic costs in the hypothetical cloud-provider attack dwarf the US$8 billion global cost of the WannaCry ransomware attack in May, which spread to more than 100 countries, according to Cyence.

Economic costs typically include business interruptions and computer repairs.

The Lloyd's report follows a US government warning to industry about a hacking campaign targeting the nuclear and energy sectors.

Last month, a virus dubbed NotPetya spread from infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupted activity at ports, law firms and factories. NotPetya caused US$850 million in economic costs, Cyence said.

In the hypothetical cloud-service attack in the Lloyd's-Cyence scenario, hackers insert malicious code into a cloud provider's software, designed to trigger system crashes among users a year later.

By then, the malware would have spread among the provider's customers, from financial services companies to hotels, causing all to lose income and incur other expenses.

REUTERS