Cyber Attacks Rank Alongside Natural Disasters

The economic damage of a successful major cyber-attack against a large cloud services provider could be similar in scale to the financial impact of a destructive hurricane.

The destructive tropical cyclone Hurricane Katrina hit the US in 2005, causing $108bn in damage, but that could be exceeded by the cost of a major cyber-attack, according to an expert. "To compare the degree of economic cost, estimates now are that if attackers took down a major cloud provider, the damages could be $50bn to $120bn, so something in the range of a Sandy event to a Katrina event," said John Drzik, president of global risk and digital at insurance broking and risk management company Marsh. He was speaking at the launch of the World Economic Forum (WEF)'s Global Risks Report 2018.

"The aggregate cost of cyber is now estimated at over $1tn a year of economic cost, versus roughly $300bn experienced in 2017 lost to natural catastrophes," said Drzik.

The analysis by the international body, which brings together business, political, academic, and other leaders to help shape the global agenda, ranks cyber as one of the top three risks alongside natural disasters and extreme weather.

Despite 2017 being a record year for the financial cost of extreme weather and natural disasters, the economic damage of cyber-attacks had a far greater global impact.

However, despite the potential damage which can be caused by cyber-attacks, governments and supporting agencies are far less well-equipped to deal with a major cyber-incident than they would be to deal with natural disasters. There's a FEMA response team for cyber-attacks, but it isn't as large as other parts of the agency.

"Think about the comparative scale," said Drzik. "Think about the government agencies as well as voluntary organisations which focus on response to natural disasters, versus national cyber-agencies -- they're much less resourced. They have some capacity, but not enough to deal with what is a significantly growing risk."

There's also the additional issue that, like extreme weather and natural disasters, cyber-attacks are a global issue but, as the WEF report highlights, there are elements of the current geopolitical environment that provide huge barriers for nation states coming together to collaborate on protecting against hacks and breaches.

That's dangerous, given there's barely any real agreement on what's acceptable and what needs managing in cybersecurity and cyberwarfare. "International protocols have yet to really emerge in dealing with cyber risk and those are going to be needed as well. But, in the geopolitical climate we're in, it's hard to get to multilateral agreements," he said. "All of this paints a challenging picture for the defence against cyber risk."

ZDNet
