Potential global cyber attack could cause $85 billion-$193 billion worth of damage: report

By: Noor Zainab Hussain Tanishaa Nadkar

(Reuters) – A co-ordinated global cyber attack, spread through malicious email, could cause economic damages anywhere between $85 billion and $193 billion, a hypothetical scenario developed as a stress test for risk management showed.

Insurance claims after such an attack would range from business interruption and cyber extortion to incident response costs, the report jointly produced by insurance market Lloyd’s of London and Aon said on Tuesday.

Total claims paid by the insurance sector in this scenario is estimated to be between $10 billion and $27 billion, based on policy limits ranging from $500,000 to $200 million.

The stark difference between insured and economic loss estimates highlights the extent of underinsurance, in case of such an attack, the stress test showed. An attack could affect several sectors globally, with the largest losses in retail, healthcare, manufacturing and banking fields.

Regional economies that are more service dominated, especially the United States and Europe, would suffer more and are vulnerable to higher direct losses, the report said.

Cyber attacks have been in focus after a virus spread from here Ukraine to wreak havoc around the globe in 2017, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and even halting production at a chocolate factory in Australia.

Governments are increasingly warning against the risks private businesses face from such attacks, both those carried out by foreign governments and financially motivated criminals.

More: https://www.reuters.com/article/us-wirecard-stocks/wirecard-denies-ft-report-alleging-financial-wrongdoing-idUSKCN1PO25C

What a cyberwar looks like — and what it doesn’t

By: Daniel Dobrygowski

Governments are attacking civilians in a time of peace.

President and Chief Legal Officer Brad Smith of Microsoft in April told the RSA cybersecurity conference about attacks that don’t involve tanks and warplanes, but bytes and bots. And they are aimed at our energy grids, our infrastructure, and even our private financial information.

We’ve increasingly seen reports of cyber incursions, attributed to nation-states, into critical infrastructure and financial systems. We’ve seen further attempts to affect countries’ internal political institutions. Nations are reportedly stockpiling software and network vulnerabilities, to use for espionage or in the event of an internet-enabled conflict.

Even if some claims of cyberwar are overblown — and notions of a looming “cyber-geddon” almost certainly are — the rapid adoption of new technologies as a mechanism of statecraft create ambiguity and give rise to risks that we need to understand. The first step is to be clear about what cyberwar may look like and what governments, institutions, companies and citizens can do about it.

What is ‘cyberwar’?

The reason the idea of cyberwar has led to such alarm is that it’s new — and ambiguous. As with many new technologies, it leaves us without norms and accepted definitions that clarify intentions, actions and consequences. There is even significant controversy among leading nations regarding whether the law of armed conflict should be applied to activities on the internet.

“In order to take the potential threat of cyber war seriously, we should recognize that not all detrimental activity online should be called “cyberwar” just as not all actions between states are defined as “war.””

Muddying the waters further, espionage, crime, and hactivism have been lumped together, in a way that they are almost never combined in the physical world. All are sometimes defined as cyber war either out of semantic lassitude or as a way to magnify the supposed threat.

In order to take the threat of cyber war seriously, we should recognize that not all detrimental activity online should be called “cyberwar” just as not all actions between states are defined as “war.” A reasonable definition must take into account specific forms of aggression and intended results — “cyberwar” is not crime, it is not espionage, it is not propaganda and it is not terrorism.

More: https://www.cnbc.com/2018/05/03/what-a-cyberwar-looks-like-commentary.html