Cyber attack may cost world economy $261b: Report

A major cyber attack with demands for ransom from victims could cost US$193 billion (S$261 billion) and affect more than 600,000 businesses worldwide.

The warning comes in a new report from the Cyber Risk Management project, a Singapore-based initiative by organisations from the public and private sectors.

It studied a hypothetical attack launched through an e-mail infected with a ransomware virus that is forwarded to all of a person's contacts. Within 24 hours, it encrypts all data on 30 million devices worldwide. Companies of all sizes would be forced to pay a ransom to decrypt their data or to replace infected devices.

"This report shows the increasing risk to businesses from cyber attacks as the global economy becomes more interconnected and reliant on technology. The reality for business is, it's not if you get attacked but when," said Dr Trevor Maynard, head of innovation at insurer Lloyd's, one of the founding members of the project.

"Other costs accrue as the scenario unfolds, including cyber-incident response, damage control and mitigation, business interruption, lost revenue and reduced productivity," the report noted.

The United States would be the hardest hit with US$89 billion at risk. Europe could lose US$76 billion, and Asia, US$19 billion. The rest of the world could lose US$9 billion.

The report noted: "The (Asian) region is less affected than the US and Europe due to a lower presence of sectors with high vulnerability scores."

A ransomware attack would largely affect Asian healthcare, transport and manufacturing sectors, it added.

"Countries such as China, which has the second-largest share of total intermediary goods exported in the world, are particularly impacted in the scenario. The disruption to transportation links compounds the economic loss in the manufacturing sector as stocks of final and intermediary goods already produced are forced to remain in storage," the report said.

"Healthcare is one of the most impacted sectors globally and this resonates in Singapore," noted Lloyd's Asia chief executive Angela Kelly.

"Recent high-profile cyber incidents in the country have illustrated just how vulnerable this critical sector is to cyberthreats and highlights the issues facing the sector in managing legacy IT systems, scarce resources and underdeveloped security infrastructure."

The Cyber Risk Management project is led by Nanyang Technological University's Insurance Risk and Finance Research Centre in collaboration with industry partners and academic experts, including the University of Cambridge Centre for Risk Studies. Industry founding members include Lloyd's and fellow insurer MSIG.

Dr Andrew Coburn, chief scientist at the Cambridge Centre for Risk Studies, said: "The scenario... highlights the potential for loss that can occur from contagious malware attacks.

"It challenges assumptions about cyber preparedness and the adequacy of security measures that companies have in place.

"We hope (it) will help improve the understanding of cyber-risk and lead to better resilience to attacks like these in the future."

A version of this article appeared in the print edition of The Straits Times on January 30, 2019, with the headline 'Cyber attack may cost world economy $261b: Report'. Print Edition | Subscribe