The WannaCry and NotPetya cyber-attacks illustrated the magnitude of the damage that cyber-attacks can cause. These two attacks affected organizations in more than 150 countries, prompted business interruption and other losses estimated at well over USD 300 million by some companies, brought reputational damage and resulted in loss of customer data.
WannaCry and NotPetya exposed a systemic risk and affected a broad cross-section of businesses without specific targeting, demonstrating the potential for escalation in the threat of cyber terrorism. Recent cyber-attacks reveal:
- The landscape for points of attack is growing. Traditional physical processes carried out by industrial control systems — including critical infrastructure industries such as power utilities, water treatment services, and health and emergency systems — are coming online. Guy Carpenter affiliate Oliver Wyman forecasts that 30 billion connected devices will be in use by 2030, creating more assets susceptible to attack and adding more vulnerabilities to be exploited.
- Cyber threats are becoming more advanced. The upsurge of highly skilled hackers, often nation-state supported, is coinciding with the development of more sophisticated tools that are likely seeping into the broader environment through a thriving black market.
- The consequences are high. Companies are now deeply dependent on their systems and data, and interference with those assets can materially affect market capitalization and endanger executive leadership, reputations, sales and profits. Failures in cybersecurity have the potential to destabilize an enterprise overnight.
- A shift has begun to take place in the nature of cyber incidents; from affecting primarily consumers to having an impact on global political or economic systems as a whole. Examples of this changing trend are the recent headlines covering the banking industry. Large scale cyber-attacks on the banking industry can result in stolen money and personal information entrusted by consumers to these institutions and also, in a worst-case scenario, cause a “run” on the global banking system.