SINGAPORE - A major cyber attack that demands ransom payments from victims could cost US$193 billion and affect more than 600,000 businesses worldwide.
The warning comes in a new report from the Cyber Risk Management project, a Singapore-based initiative by organisations from the public and private sector.
It studied a hypothetical attack launched through an e-mail infected with a ransomware virus. The e-mail is forwarded to all contacts and within 24 hours encrypts all data on 30 million devices worldwide.
Companies of all sizes would be forced to pay a ransom to decrypt their data or to replace infected devices.
The most severe scenario as outlined in the study on Tuesday (Jan 29) could involve a hit of $193 billion to the world economy; the least severe would cost around $85 billion.
"This report shows the increasing risk to businesses from cyber attacks as the global economy becomes more interconnected and reliant on technology. The reality for business is, it's not if you get attacked but when," said Dr Trevor Maynard, head of innovation at insurer Lloyd's, one of the founding members of the project.
The report noted that firms would also accumulate other financial damages apart from ransom payments. "Other costs accrue as the scenario unfolds, including cyber-incident response, damage control and mitigation, business interruption, lost revenue and reduced productivity."
The United States would be the hardest hit with $89 billion at risk. Europe could lose $76 billion and Asia $19 billion. The rest of the world could lose $9 billion.
The report noted: "The (Asian) region is less affected than the US and Europe due to a lower presence of sectors with high vulnerability scores."
A ransomware attack would largely affect Asian healthcare, transport and manufacturing sectors, it added.
"The disruption to production lines halts or slows down production in manufacturing companies across Asia," the report said.
"Countries such as China, which has the second-largest share of total intermediary goods exported in the world, are particularly impacted in the scenario. The disruption to transportation links compounds the economic loss in the manufacturing sector as stocks of final and intermediary goods already produced are forced to remain in storage."
The Cyber Risk Management project is led by Nanyang Technological University - Insurance Risk and Finance Research Centre in collaboration with industry partners and academic experts, including the University of Cambridge Centre for Risk Studies.
Industry founding members include Lloyd's and fellow insurer MSIG.
Dr Andrew Coburn, chief scientist at the Cambridge Centre for Risk Studies, said: "The scenario... highlights the potential for loss that can occur from contagious malware attacks.
"It challenges assumptions about cyber preparedness and the adequacy of security measures that companies have in place.
"We hope (it) will help improve the understanding of cyber risk and lead to better resilience to attacks like these in the future."