A catastrophic cyber event with widespread data loss could cost up to $23.8 billion in insured losses, according to a new study from CyberCube Analytics and Guy Carpenter that examines the financial impact of 23 potential scenarios on the United States standalone cyber insurance market.
This scenario involved the exploitation of zero-day vulnerabilities within a widely-used operating system and has the least likely chance of occurring (beyond a 1-in-300-year return period), but the largest financial impact, according to the study, entitled “Looking Beyond the Clouds.”
More likely scenarios modeled by CyberCube and Guy Carpenter included widespread data theft from a major email service provider, with an estimated cost of $19.1 billion, and ransomware aimed at a leading cloud services provider at $11.5 billion. Researchers used anonymized cyber insurance policy details applied to a $2.6 billion synthetic portfolio to provide a broad reflection of the U.S. standalone cyber insurance market.
Evaluating the potential financial fallout from a range of scenarios can help the cyber insurance industry assess capital allocations, reinsurance coverage, and underwriting and pricing strategies, researchers said.
“Only by adopting a robust, modeled, forward-looking view of cyber catastrophe risk can we ensure the ongoing development of a sustainable and profitable cyber insurance market,” said Pascal Millaire, CEO of CyberCube.