One single cyber attack has the potential to cost major Asia-Pacific ports upwards of $110 billion in damages, a figure that is equivalent to half of total losses incurred from global natural disasters last year. This can occur in an "extreme" scenario during which a virus infects 15 major ports across Singapore, China, Japan, South Korea, and Malaysia.
The warning came from insurance services provider Lloyd's, which added that 92% of economic costs from such attacks remained uninsured, creating a gap of $101 billion. These findings were released in a report generated by the University of Cambridge Centre for Risk Studies, in partnership with Lloyd's and on behalf of the Cyber Risk Management (CyRiM) project, a research initiative led by Singapore's Nanyang Technological University's Insurance Risk and Finance Centre.
In a potential attack scenario targeting ships, the study posed, a software virus could scramble the cargo database logs at major ports and result in critical disruption. While this might directly impact ports in this region, it noted that economic losses -- from lower productivity and consumption as well as incident response costs -- could be recorded globally due to the global interconnectivity of the maritime supply chain.
The report singled out transportation, aviation, and aerospace sectors to be the most likely to be affected, incurring an estimated $28.2 billion in total economic losses. The manufacturing industry also could see losses of $23.6 billion, while retail would clock $18.5 billion in economic losses.
Asia, specifically, would be the most affected in terms of productivity losses, at an estimated $27 billion in indirect economic losses. Next was Europe, at $623 million, and North America at $266 million.
In Singapore, the transportation sector was expected to be the biggest hit economically, according to the report, as would their peer in South Korea.
In terms of insurance coverage, the report pointed to business disruptions and contingent business interruption as the key drivers, accounting for 60% of overall losses in an extreme scenario circumstance. Non-affirmative cyber, encompassing risk not explicitly mentioned in an insurance policy, comprised up to 57% of the total insured losses.
According to the report, port operators accounted for half of claims in insured losses, while businesses affected along the supply chain accounted for 21% of insured losses and logistics and cargo handling companies would make up 16% of insured losses.
Lloyd's Singapore country manager Angela Kelly said: "Cyber risk is one of the most critical and complex challenges facing the Asia-Pacific maritime industry today. As this risk grows with the increasing application of technology and automation in the industry, collaboration and future planning by insurers and risk managers is critical.
"With nine out of 10 of the world's busiest container ports based in Asia, and high levels of underinsurance in the region, this exposure must be addressed," Kelly noted.
Singapore's cybersecurity Bill outlines measures to protect local critical information infrastructures and requires operators in these sectors to take steps to safeguard their systems and swiftly report threats and incidents. Among the 11 that have been listed as essential services industries include maritime, land transport, and aviation.
With the number of data breaches escalating and threat landscape fast evolving, Asia-Pacific enterprises will have to think outside the box and transform their cybersecurity strategy, especially since current tools are no longer effective in staving off attacks.
A quarter of Asia-Pacific companies have experienced a security incident, while 27 percent aren't even sure because they haven't conducted any data breach assessment--even as the region is estimated to have lost US$1.75 trillion last year due to cyberattacks.
Healthcare organisations in Asia-Pacific can incur economic losses of up to US$23.3 million from cybersecurity incidents, though, 45 percent have either experienced or are not even sure if they have experienced a cyber attack.
Cyber Security Agency says the number of common cyber threats, including website defacements and phishing, dipped in Singapore last year, but expects to see more frequent data breaches and disruptive attacks against the cloud in the near future.
Some 96% of companies in the city-state admitted to experiencing a data breach over the past year, with 98% expressing security concerns involving digital transformation initiatives and 5G network deployments.