Smaller-scale systemic cyber events more likely than large attacks: Survey

More than 90% of surveyed cyber experts believe cyber risk is systemic, American International Group Inc. said in a report issued Wednesday.

But most believe a systemic cyber event impacting between five and 10 companies is more likely to occur than one impacting 100 or more companies, despite recent wide-impact incidents such as the SWIFT banking attacks.

New York-based AIG based its report on 70 responses to an electronic survey sent in December to cyber security, technology and insurance professionals in the United States, the United Kingdom and continental Europe, according to the report, “Is Cyber Risk Systemic?”

A total of 85% of respondents think certain industry sectors are more susceptible to systemic attacks than others. Ranked as the most likely sectors to be part of a systemic attack in the next 12 months were: financial services, cited by 19% of respondents; power/energy, 15%; telecommunications/utilities, 14%; health care, 13% and information technology, 12%.

“This paints a picture of large systemic events we might see including disruption to financial networks or transaction systems, internet infrastructure, the power grid, and the health care system,” said the report. 

Respondents ranked a mass distributed denial-of-service attack on a major cloud provider as the most likely cross-sector mega event when asked to weigh the likelihood of the most severe scenarios.