New Study by University of Cambridge & Lloyd’s: One Cyber Attack on Major APAC Ports Could Cost Billions
October 30: One cyber attack has the potential to cost major Asia-Pacific ports upwards of $110 billion in damages, a figure that is equivalent to half of total losses incurred from global natural disasters last year. This can occur in an “extreme” scenario during which a virus infects 15 major ports across Singapore, China, Japan, South Korea, and Malaysia.
The warning came from insurance services provider Lloyd’s, which added that 92% of economic costs from such attacks remained uninsured creating a gap of $101 billion. These findings were released in a report generated by the University of Cambridge Centre for Risk Studies, in partnership with Lloyd’s and on behalf of the Cyber Risk Management (CyRiM) project, a research initiative led by Singapore’s Nanyang Technological University’s Insurance Risk and Finance Centre.
In a potential attack scenario targeting ships, the study posed, a software virus could scramble the cargo database logs at major ports and result in critical disruption. While this might directly impact ports in this region, it noted that economic losses–from lower productivity and consumption as well as incident response costs–could be recorded globally due to the global interconnectivity of the maritime supply chain.
The report singled out transportation, aviation, and aerospace sectors to be the most affected, incurring an estimated $28.2 billion in total economic losses. The manufacturing industry also could see losses of $23.6 billion, while retail would clock $18.5 billion in economic losses.
Asia, specifically, would be the most affected in terms of productivity losses, at an estimated $27 billion in indirect economic losses. Next was Europe, at $623 million, and North America at $266 million.
In Singapore, the transportation sector was expected to be the biggest hit economically, as would their peer in South Korea.
In terms of insurance coverage, the report pointed to business disruptions and contingent business interruption as the key drivers, accounting for 60% of overall losses in an extreme scenario circumstance. Non-affirmative cyber, encompassing risk not explicitly mentioned in an insurance policy, comprised up to 57% of the total insured losses.
According to the report, port operators accounted for half of claims in insured losses, while businesses affected along the supply chain accounted for 21% of insured losses and logistics and cargo handling companies would make up 16% of insured losses.
Lloyd’s Singapore country manager Angela Kelly said: “Cyber risk is one of the most critical and complex challenges facing the Asia-Pacific maritime industry today. As this risk grows with the increasing application of technology and automation in the industry, collaboration and future planning by insurers and risk managers is critical.
“With nine out of 10 of the world’s busiest container ports based in Asia, and high levels of underinsurance in the region, this exposure must be addressed,” Kelly noted.
Singapore’s cybersecurity bill outlines measures to protect local critical information infrastructures and requires operators in these sectors to take steps to safeguard their systems and swiftly report threats and incidents. Amongst the 11 of these listed as essential services industries include maritime, land transport, and aviation.
Source: ZDNet / Eileen Yu