The estimated economic cost of cyber-crime exceeds $1 trillion highlighting the growing need for cyber insurance, a new report published by Bloomberg Intelligence (BI) says.
It says the sophisticated attack on the Colonial Pipeline in the US forcing one of the nation’s biggest gasoline pipelines to shut down is a timely reminder of the vulnerability of the energy infrastructure.
BI cites a recent report by the Center for Strategic and International Studies in partnership with McAfee which estimates the annual monetary cost of cyber-crime at $945 billion which when added to global spending on cybersecurity of around $145 billion puts the economic cost of cyber-crime at more than $1 trillion.
Part of the reason for the cost is better reporting but the bill is also growing because of increasing use of ransomware and phishing-related ploys with criminals targeting organisations including healthcare bodies, pharmaceutical companies, academia, medical research groups and local governments. Just 4% of 1,500 companies surveyed in 2019 said they had not faced a cyber incident.
“The Colonial Pipeline attack isn’t the first on a US energy facility. Aging US energy and power infrastructure makes it particularly vulnerable to cyberattack threats in our view” said BI Senior Industry Analyst Charles Graham.
The BI report, US Pipeline Cyberattack Implications for Insurers, says a cyberattack on US energy infrastructure has long been flagged as a major risk by insurers with a report by Lloyds’ of London and University of Cambridge warning in 2015 that the cost of an attack could rise to more than $1 trillion in the most extreme scenario.
Industries at particular risk include manufacturing, shipping, energy, and transportation as all rely on industrial control systems which when breached can lead to major insured losses from explosions and safety system failures.
Those risks are driving demand for cyber insurance protection with Munich Re forecasting it will rise to $20 billion by 2025 compared with $3.25 billion in 2016. However, some industry experts warn cyber-attacks are virtually uninsurable.