author photo
By Bruce Sussman
Thu | Mar 7, 2019 | 9:40 AM PST

We've seen the movie—and the TV series—where it happens.

Someone with an unknown virus begins spreading it as they become ill.

By the time health organizations have figured it out, it's too late: people are dying, communities are quarantined, and if there is a cure, those who hold it also hold all the power in the world.

These types of dramatic stories are based on a realistic scenario called a global pandemic. 

Global pandemic, the cyber version

And now the Cambridge Centre for Risk Studies, the Cyber Risk Management Project, and Lloyd's of London are envisioning a cyber attack pandemic. One that is started by hackers and only they have the cure.

The numbers are downright frightening:


How a global ransomware attack could happen

The researchers created the following scenario to determine how a global ransomware attack could be possible:

  • Hackers spend six months recruiting top programmers
  • That team develops ransomware to maximize spread without the need for human interaction
  • The programming work also creates a ransomware strain to maximize disruption

It starts with a single phishing email and turns into a global infection, which you could call a cyber attack pandemic, impacting more than 600,000 companies around the planet.

"An infected email, once opened is forwarded to all contacts and within 24 hours encrypts all data on 30 million devices worldwide. Companies of all sizes would be forced to pay a ransom to decrypt their data or to replace their infected devices."

In other words, those with the cure also hold the power.

Losses from a global cyber attack

The report finds the following:

"A ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, IT clean-up costs, ransom payments, and supply chain disruption."

And here are some breakdowns on potential losses from a sudden global ransomware attack: 

  • Retail and healthcare would be the most affected ($25 billion each), followed by manufacturing ($24B).
  • Regionally, the US would be the hardest hit, with $89B at risk. Europe could lose $76B, with Asia losing $19B. The rest of the world could lose $9B.

The vast majority of these losses, the report says, would be uninsured losses.

Dr. Andrew Coburn, Chief Scientist at the Cambridge Centre for Risk Studies, adds this:  “The scenario we have prepared... highlights the potential for loss that can occur from contagious malware attacks. It challenges assumptions about cyber preparedness and the adequacy of security measures that companies have in place."

The report is also intended to help insurers understand the collective risk from cyber within their portfolios.

One thing is clear when it comes to cyber risk: there is a lot of it.