A cyber-attack on Asia-Pac ports could cost $110bn, as much as half of all nat cats last year
A single cyber-attack that affects major ports across Asia-Pacific could cost $110 billion, which is roughly equivalent to half of all losses from natural catastrophes globally in 2018*. This is according to new research released today by Lloyd’s, the world’s specialist (re)insurance market.
These losses could occur in an extreme scenario in which a computer virus infects 15 ports across Japan, Malaysia, Singapore, South Korea and China, according to the report – ‘Shen attack: Cyber risk in Asia Pacific ports’ – produced by the University of Cambridge Centre for Risk Studies, on behalf of the Cyber Risk Management (CyRiM) project.
The report depicts a plausible scenario in which an attack is launched via a computer virus carried by ships, which then scrambles the cargo database records at major ports and leads to severe disruption. Although in this scenario the virus only directly affects ports in Asia-Pacific, economic losses would be felt around the world due to the global interconnectivity of the maritime supply chain.
The report shows how an attack of this scale targeted at ports would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, incident response costs, and supply chain disruption.
The scenario estimates that:
- Transportation, aviation and aerospace sectors would be the most affected ($28.2bn of economic losses in total), followed by manufacturing ($23.6bn) and retail ($18.5bn).
- Productivity losses affect each country that has bilateral trade with the attacked ports. Asia would be the worst affected region, set to lose up to $27bn in indirect economic losses, followed by $623m in Europe and $266m in North America.
Despite the high costs to business and international trade, the report shows the global economy is underprepared for such an attack with 92% of the total economic costs uninsured, leaving an insurance gap of $101bn.
Other key findings from the report included:
- The transportation sector in Singapore would take the biggest economic hit, followed by the same sector in South Korea.
- ‘Business interruption’ and ‘contingent business interruption’ insurance coverages would be the main drivers of the insured losses (60% of the loss in the most extreme version of the scenario).
- Non-affirmative cyber, meaning cyber risk that is not explicitly mentioned in an insurance policy, would account for up to 57% of the total insured losses.
- The primary categories of policyholders that would make claims in this scenario are port operators (50% of insured losses), companies along the supply chain (21% of insured losses), and logistics and cargo handling companies (16% of insured losses).
- There are opportunities for insurers and policyholders to expand their view of cyber risks ahead of the next event and the report helps to inform in a way to support new products, services and mitigation strategies that make businesses and communities more resilient.
Click below to read the report:
Alan J. Wilson, CEO of MSIG Asia, said: “MSIG is proud to partner with CyRiM in producing this second report on potential cyber events, which we believe is extremely relevant in the context of today’s digital economy.
This report highlights how cyber-attacks in the maritime industry can result in significant security and financial threats for shipping companies, with a wider impact on other interrelated sectors around the region and the globe. Through collaboration with academia, technology companies, financial services and governments, we aim to bring value to societies and help companies and individuals to be prepared to meet ongoing and emerging cyber threats.”
Angela Kelly, Singapore Country Manager, Lloyd’s, said: “We are pleased to once again collaborate with the University of Cambridge and CyRiM founding members on this ground-breaking research. Cyber risk is one of the most critical and complex challenges facing the Asia Pacific maritime industry today. As this risk grows with the increasing application of technology and automation in the industry, collaboration and future planning by insurers and risk managers is critical. With nine out of ten of the world’s busiest container ports based in Asia, and high levels of underinsurance in the region, this exposure must be addressed.”
Dr Shaun Wang, Director of Insurance Risk and Finance Research at Nanyang Technological University, said: “This research sheds light on the interplay of cyber risk and physical world of complex logistics and supply chains of major ports in Asia. It deepens our understanding of potential cyber-risk liability and aggregation and helps strengthen risk management of critical infrastructure.”
Dr Andrew Coburn, Chief Scientist at the Cambridge Centre for Risk Studies, said: “This report highlights the vulnerability of the interconnectivity of the global economy, and how disruption of marine cargo shipments causes widespread loss in supply chains and business operations. Modelling this complexity has been a research challenge but we hope the report highlights opportunities for the cyber insurance market to assist with protection against these vulnerabilities.”
Elizabeth Geary, Global Head of Cyber at TransRe, said: “This second piece of important research reinforces that we all need to pay close attention to systemic cyber risk within the different, interlinked components of the global economy. It highlights the need for effective risk management, which includes a clear and comprehensive understanding of the risks and mitigating factors in the global supply chain. Together with its predecessor, the report shines a light on the large insurance gap and how insurers can enable effective risk transfer.”
Andrew Mahony, Head of Cyber Solutions, Risk, Asia at Aon, added: “The Shen Cyber Attack Scenario highlights the complicated impact of supply chain disruption in the cyber context. For organisations, it presents a chance to review both direct exposure to the financial impact of a complex cyber-attack and the indirect financial impact of such an attack in an interconnected economy. For insurers, the Shen Cyber Attack provides a useful model through which to view accumulation risk and is a good reminder of the need to carefully manage contingent business interruption coverage.”
Sébastien Heon, Deputy Chief Underwriter Officer, Cyber Solutions at SCOR, said: “The Shen report has brought together a diverse panel of experts to analyse what can happen if port and maritime infrastructures, which play a vital role in the global economy, are disrupted by a cyber event. We are delighted to have contributed to this far-reaching report, which furthers our collective understanding of the cascading effects of such attacks.”
Notes to editors
- * 394 natural catastrophes in 2018 generated economic losses of US$225 billion, according to Aon.
- ‘Shen attack: Cyber risk in Asia Pacific ports’ is a joint report produced by the Cyber Risk Management (CyRiM) project led by Nanyang Technological University, in collaboration with industry partners and academic experts including Lloyd’s, a founding member of CyRiM.
- The Centre for Risk Studies at Cambridge University, Judge Business School prepared the cyber risk scenario and modelling results in the report based on detailed research in conjunction with Lloyd’s, CyRiM and other contributors.
- The report analyses the costs of the scenario using three levels of severity. The numbers in this press release are based on the most severe version of the scenario.
- Cyber insurance covers a range of costs associated with ransomware attacks including: business interruption (the largest driver of total economic losses in this scenario); loss of productivity and consumption; IT clean-up costs and supply chain losses.
Lloyd’s is the world’s leading insurance and reinsurance marketplace. Through the collective intelligence and risk-sharing expertise of the market’s underwriters and brokers, Lloyd’s helps to create a braver world.
The Lloyd’s market provides the leadership and insight to anticipate and understand risk, and the knowledge to develop relevant, new and innovative forms of insurance for customers globally.
It offers the efficiencies of shared resources and services in a marketplace that covers and shares risks from more than 200 territories, in any industry, at any scale.
And it promises a trusted, enduring partnership built on the confidence that Lloyd’s protects what matters most: helping people, businesses and communities to recover in times of need.
Lloyd’s began with a few courageous entrepreneurs in a coffeeshop. Three centuries later, the Lloyd’s market continues that proud tradition, sharing risk in order to protect, build resilience and inspire courage everywhere.
The Cyber Risk Management (CyRiM) project is led by Nanyang Technological University – Insurance Risk and Finance Research Centre (NTU-IRFRC) in collaboration with industry partners and academic experts including the Cambridge Centre for Risk Studies.
The project is overseen by a Project Oversight Board consisting of representatives from the Monetary Authority of Singapore (MAS), Cyber Security Agency of Singapore (CSA), NTU-IRFRC and CyRiM industry founding members.
CyRiM industry founding members include Aon Centre for Innovation and Analytics, Lloyd’s, MSIG, SCOR and TransRe. CyRiM is a pre-competitive research project that aims to foster an efficient cyber risk insurance market place through engaging industry and academic experts guided by government and policy level research.
The CyRiM project will help Singapore become an industry centre of excellence on cyber risk and grow the cyber risk insurance market by promoting both the demand and supply of insurance coverage.
About the Centre for Risk Studies at Cambridge Judge
The Centre for Risk Studies is a multidisciplinary centre of excellence at Cambridge University Judge Business School for the study of the management of economic and societal risks.https://www.jbs.cam.ac.uk/faculty-research/centres/risk/
The centre's focus is on the analysis, assessment and mitigation of global vulnerabilities for the advancement of political, business and individual decision makers. The research completed by the Centre for Risk Studies helps global companies manage emerging risks using a rigorous scenario-based framework.
Recent studies available at https://www.jbs.cam.ac.uk/faculty-research/centres/risk/publications/