Global Outage in the Cloud Could Cause Huge Economic Loss, Study Finds
As businesses increasingly move to the cloud to transform their organizations, the global economy becomes more susceptible to cyberattacks. In fact, a collaborative report by Lloyd’s of London and Cyence reveals that a global cloud outage could result in up to $53 billion in losses. In turn, demand for cyberinsurance will increase as organizations look to mitigate risk. Companies must be able to effectively quantify their potential losses if they hope to execute proper risk mitigation and cyberattack response.
Measuring and Evaluating Cyber Risk
The Lloyd’s and Cyence report offers insights on how to measure and evaluate cyber risk exposure for today’s businesses. The report outlines the types of cyberattacks businesses may encounter when utilizing the cloud in two scenarios. In the first scenario, an attacker would take down a cloud service provider, resulting in multiple days of complete downtime. In the second scenario, a copy of a zero-day vulnerability due to human error results in the failure of a specific operating system across a cloud provider’s company, customers or suppliers. In this case, economic losses could reach up to $28.7 billion.
However, it’s important to note that the recent WannaCry ransomware attacks are not an example of a zero-day leak, since the vulnerability was patched before it was publicly disclosed, according to Cyence CTO and co-founder George Ng, who co-authored the report.
“If the exploit were used stealthily before the patch was issued, advanced attackers could propagate laterally within corporate networks, add back doors and become a persistent presence behind the firewall,” Ng told eWEEK. “This means that mass exploits can contribute to increased breach levels even months or years after the patches are implemented and well after the pile of attacks that exploit the vulnerability in the aftermath of its disclosure,” Ng explained.
Although the report highlights the worst-case scenarios, Ng believes that it may be easier to estimate and quantify cyber risk by analyzing their everyday operations.
“If you’re purchasing insurance or you’re an insurance carrier, you tend to be most concerned with large-scale issues that could cause liquidity or capital problems, such as these catastrophic events,” Ng told eWEEK. “If you’re more focused on day-to-day operations or underwriting a single risk for a short duration, then common problems could be even more important because they are more plausible and occur more frequently.”
Therefore, risk managers can use the scenarios provided in the report to not only gain a better understanding of the implications of tail risk but also determine how cyberattacks may affect routine activities and the implementation of their core business processes. From there, they can develop an action plan to better mitigate cybersecurity events and economic loss.