Cloud computing: Why a major cyber-attack could be as costly as a hurricane

The economic costs of a large cyber-attack could be as large as the impact of a major natural disaster.
Written by Danny Palmer, Senior Writer

The economic damage of a successful major cyber-attack against a large cloud services provider could be similar in scale to the financial impact of a destructive hurricane.

The destructive tropical cyclone hurricane Katrina hit the US in 2005, causing $108bn in damage -- but that could be exceeded by the cost of a major cyber-attack, according to one expert.

"To compare the degree of economic cost, estimates now are that if attackers took down a major cloud provider, the damages could be $50bn to $120bn, so something in the range of a Sandy event to a Katrina event," said John Drzik, president of global risk and digital at insurance broking and risk management company Marsh, speaking at the launch of the World Economic Forum (WEF)'s Global Risks Report 2018.

The analysis by the international body -- which brings together business, political, academic, and other leaders to help shape the global agenda -- ranks cyber-attacks as a top three risk to society alongside natural disasters and extreme weather.

And, despite 2017 being a record year for the financial cost of extreme weather and natural disasters, the economic damage of cyber-attacks had a far greater global impact.


In 2017, total economic cost of cyber-attacks was greater than the economic cost of natural disasters.

Image: Getty

"The aggregate cost of cyber is now estimated at over $1tn a year of economic cost, verses roughly $300bn experienced in 2017 lost to natural catastrophes," said Drzik.

See also: See also: Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse

However, despite the potential damage which can be caused by cyber-attacks, governments and supporting agencies are far less well-equipped to deal with a major cyber-incident than they would be to deal with natural disasters. There's a FEMA response team for cyber-attacks, but it isn't as large as other parts of the agency.

"Think about the comparative scale," said Drzik. "Think about the government agencies as well as voluntary organisations which focus on response to natural disasters, verses national cyber-agencies -- they're much less resourced. They have some capacity, but not enough to deal with what is a significantly growing risk."

There's also the additional issue that, like extreme weather and natural disasters, cyber-attacks are a global issue but, as the WEF report highlights, there are elements of the current geopolitical environment that provide huge barriers for nation states coming together to collaborate on protecting against hacks and breaches.

That's dangerous, given there's barely any real agreement on what's acceptable and what needs managing in cybersecurity and cyberwarfare.

"International protocols have yet to really emerge in dealing with cyber risk and those are going to be needed as well. But, in the geopolitical climate we're in, it's hard to get to multilateral agreements," he said. "All of this paints a challenging picture for the defence against cyber risk."

Recent and related coverage

Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)

How will the cybersecurity arms race develop in 2018? Experts have made a multitude of predictions, and we have analysed them.

Cyber-attacks are a top three risk to society, alongside natural disaster and extreme weather

A report has warned that ransomware, Internet of Things hacks, and industrial attacks could be almost as big a problem as natural disasters and extreme weather.


Editorial standards