Lloyd’s and the University of Cambridge’s Centre for Risk Studies launched a new report, “Business Blackout.” This joint report is the first to examine the insurance implications of a major cyberattack, using the U.S. power grid as an example.
The report depicts a scenario where hackers shut down parts of the U.S. power grid, plunging 15 states and Washington, D.C., into darkness and leaving 93 million people without power. Experts predict it would result in a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail; and chaos to transport networks as infrastructure collapses.
The total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario. The cyberattack scenario shows the broad range of claims that could be triggered by disruption to the U.S. power grid, with total amount of claims paid by the insurance industry estimated at $21.4 billion, rising to $71.1 billion in the most extreme version of the scenario.
“This scenario shows the huge impact and havoc that could result from a major cyberattack on the U.S.,” said Tom Bolt, director of performance management at Lloyd’s. “The reality is that the modern, digital and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.
“As insurers, we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments. This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.
“Governments also have a role to play. We need them to help share data, so we are able to accurately assess risk and protect businesses.”
Lloyd’s produced this report to help underwriters operating in the Lloyd’s market identify these previously unconsidered cyberattack impacts on insurance and risk. The scenario described in this report is relevant to stress and scenario testing required under the Solvency II framework: although unlikely, it represents a class of events with a probability thought to be well within the benchmark return period of 1:200 years against which insurers must be resilient.
Scenarios are not predictions; they explore what might happen based on past events and scientific, social and economic theory. In a world of emerging risk, it is not possible to achieve certainty regarding the nature and scale of threats faced by insurers — as such the insurance industry must be resilient to uncertainty.
Lloyd’s developed the scenario and its likely impacts with researchers from Cambridge Centre for Risk Studies at University of Cambridge Judge Business School.
President Obama raised the prospect of cyberattacks on the U.S. power grid in his Feb. 12, 2013, State of the Union address.
“America must also face the rapidly growing threat from cyberattacks,” Obama said. “We know hackers steal people’s identities and infiltrate private email. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”