The FINANCIAL — Lloyd’s, the specialist insurance and reinsurance market, in partnership with the risk modeler, AIR Worldwide, on January 23 launched a new report, Cloud Down – The impacts on the US economy, which analyzes the financial impact of the failure of a leading cloud provider in the US.
The report analyzes losses for 12.4 million US organizations and proposes an alternative approach to help insurers model these risks, which are typically harder to assess than other perils like natural disasters due to the complex and highly interconnected nature of the digital world.
In the report, it was found that companies outside of the Fortune 1000 – who are more likely to use cloud provider services – would carry a larger share of the economic and insurance losses than Fortune 1000 companies. However, the biggest 1000 companies in the US would still carry 38% of economic losses.
Key report findings include:
An extreme cyber incident that takes a top cloud provider offline in the US for 3 to 6 days would result in economic losses of $15bn and up to $3bn in insured losses.
Businesses outside the Fortune 1000 would carry 63% share of economic losses and 57% of insured losses – indicating that they are at the highest risk.
Fortune 1000 companies would carry 37% of economic losses and 43% of insured losses.
Like any model result, these figures have uncertainty and AIR estimate a 95% confidence interval of $11 – $19bn around the central estimate of $15bn.
If a top cloud provider went down:
– Manufacturing would see direct economic losses of $8.6 billion;
– Wholesale and retail trade sectors would see economic losses of $3.6 billion;
– Information sectors would see economic losses of $847 million;
– Finance and insurance sectors would see economic losses of $447 million;
– Transportation and warehousing sectors would see economic losses of $439 million.
Trevor Maynard, Head of Innovation at Lloyd’s, said:
“This report provides a detailed picture of the costs to the US economy as a result of a cloud service provider failure. Clouds can fail or be brought down in many ways – ranging from malicious attacks by terrorists to lighting strikes, flooding or simply a mundane error by an employee. Whatever the cause, it is important for businesses to quantify the risks they are exposed to as failure to do so will not only lead to financial losses but also potentially loss of
customers and reputation.”
Lloyd’s previous research with KPMG and DAC Beachcroft has shown that services firms are particularly vulnerable to the reputational impacts of a cyber attack where service disruption can have an immediate effect on clients, leading to customer churn, loss of competitive advantage and loss of revenue.”
Scott Stransky, assistant vice president and principal scientist at AIR Worldwide, added:
“A major cloud failure would significantly impact the insurance industry, and our research has shown that such an event is plausible. The findings from this report show that while the cyber insurance industry is growing, there’s still a significant gap in cyber coverage. We hope the report will help raise awareness across the industry as to how significant losses could be, how likely they are, and provide an opportunity for insurers to better understand and manage cyber risk. With proper models such as AIR’s, the industry will be able to grow the market by confidently writing more cyber policies. The goal is to make insurers and all organizations that rely upon cyber insurance more resilient if the cloud does go down.”
Discussion about this post