US power grid cyber attack could cost $1tn: Lloyd’s
A cyber attack on the US power grid could cost the US economy over $1 trillion according to a report by Lloyd’s and the University of Cambridge's Centre for Risk Studies.
The report, Business Blackout, examines the insurance implications of a major cyber attack, using the US power grid as an example.
The scenario: hackers shut down parts of the US power grid, plunging 15 US states and Washington DC into darkness and leaving 93 million people without power.
“The total impact to the US economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario,” said the report.
“The cyber attack scenario shows the broad range of claims that could be triggered by disruption to the US power grid, with total amount of claims paid by the insurance industry estimated at $21.4 billion, rising to $71.1 billion in the most extreme version of the scenario.”
Insurance payments from the scenario would likely apply to six primary categories of claimant: power generation companies; defendant companies; companies that lose power; companies indirectly affected; homeowners; and specialty.
Tom Bolt, director of performance management at Lloyd's, said: "This scenario shows the huge impact and havoc that could result from a major cyber attack on the US. The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.
"As insurers, we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments. This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.”
"Governments also have a role to play. We need them to help share data, so we are able to accurately assess risk and protect businesses.”
Dr Andrew Coburn, director of the advisory board of the Cambridge Centres for Risk Studies and senior vice president of RMS, added: “This scenario represents an extreme event that is unlikely, but plausible. We have analysed the groups who might carry out such an attack, their motivation and capabilities.
“We have looked at the form the attacks might take and the difficulties the perpetrators would have in overcoming the defences that are in place to protect against these types of attacks. Using a detailed technical analysis of how a cyber attack could be carried out and what it would do, we can set out a realistic stress test for portfolio management."
