New research today has predicted that a single cyber-attack that affected just 15 major ports across the Asia-Pacific region could cost $110 billion.
Lloyd’s has issued the report, “Shen attack: Cyber risk in Asia Pacific ports” and warned the loss figure would be roughly equivalent to half of all losses from natural catastrophes globally in 2018.
These losses could occur in an extreme scenario in which a computer virus infects 15 ports across Japan, Malaysia, Singapore, South Korea and China, according to the report, that was produced by the University of Cambridge Centre for Risk Studies, on behalf of the Cyber Risk Management (CyRiM) project, in partnership with Lloyd’s.
Lloyd’s CEO, John Neal, who is in Singapore this week said: “We know that the biggest assets for companies are not physical they are intangible. This is confirmed by Lloyd’s latest research, which shows that a single severe cyber attack on Asia’s biggest ports could cause roughly the same economic loss as half of all the natural disasters in the world in 2018.
“With the increasing application of technology and automation, these risks will become even more acute. High levels of underinsurance in Asia, which is also home to nine out of ten of the world’s busiest ports, means that these exposures must be urgently addressed.
“This new research provides new insights on this fast moving threat to support the creation of new products, services and mitigation strategies and in doing so make businesses and communities more resilient.”
Despite the high costs to business and international trade, the report showed that the global economy is underprepared for such an attack with 92% of the total economic costs uninsured, leaving an insurance gap of $101bn.
An attack via a computer virus carried by ships could scramble the cargo database records at major ports and lead to severe disruption, according to the plausible scenario depicted in the report. Although the virus only directly affects ports in Asia-Pacific, economic losses would be felt around the world due to the global interconnectivity of the maritime supply chain.
An attack of this scale targeted at ports would cause substantial economic damage to a wide range of businesses through reduced productivity and consumption, incident response costs, and supply chain disruption.
The report estimated that:
- Transportation, aviation and aerospace sectors would be the most affected ($28.2bn of economic losses in total), followed by manufacturing ($23.6bn) and retail ($18.5bn).
- Productivity losses would affect each country that has bilateral trade with the attacked ports. Asia would be the worst affected region, set to lose up to $27bn in indirect economic losses, followed by $623m in Europe and $266m in North America.
Other key findings from the report included:
- The transportation sector in Singapore would take the biggest economic hit, followed by the same sector in South Korea.
- ‘Business interruption’ and ‘contingent business interruption’ insurance coverages would be the main drivers of the insured losses (60% of the loss in the most extreme version of the scenario).
- Non-affirmative cyber, meaning cyber risk that is not explicitly mentioned in an insurance policy, would account for up to 57% of the total insured losses.
Insurance claims would arise from port operators (50% of insured losses), companies along the supply chain (21% of insured losses), and logistics and cargo handling companies (16%).