Printed from

Catastrophic cyber event could cause up to $23.8B in insured losses

Posted On: Sep. 5, 2019 1:48 PM CST


The costliest cyber catastrophe scenario is widespread data loss from a leading operating system provider with the potential to generate up to $23.8 billion of insured loss, says a study that explores the size and shape of possible cyber catastrophe scenarios.

But the most likely cyber catastrophe loss scenario is widespread data theft from a major email service provider, with a possible $19.1 billion loss, says the study issued Thursday by Guy Carpenter & Co. LLC, a Marsh & McLennan Cos. Inc. subsidiary, and San Francisco-based Cyber Cube Analytics Inc.

The report says according to some estimates, the global market volume for cyber insurance will grow to $8-$9 billion by 2020, which is more than twice that of 2017.  

But despite this growth potential, “increasing competition as new entrants seek to take advantage of the growth potential has created pressure on rates as well as an expansion of available coverage.

“The exposure data needed by (re)insurers to quantify and price cyber risk appropriately is a moving target as coverage matures and (re)insurers develop a deeper understanding of how to translate cyber security metrics into indicators of loss,” says the study.

Other possible cyber catastrophe scenarios that would drive the highest loss values are: a long-lasting outage at a leading cloud service provider, which would generate a $14.3 billion loss; a large-scale cloud  ransomware at a leading cloud services provider, which would create an  $11.5 billion loss; and large-scale data loss from a cloud service provider, generating a $22.2 billion loss, according to the report.

The report states researchers based their analysis on a synthetic $2.6 billion portfolio folio using anonymized cyber insurance. The study is intended “to provide a realistic reflection of the potential losses that the U.S. cyber insurance market could face today,” it states.