New report predicts effects of hackers shutting down the US power grid

Cyber risk

A cyber attack on the US power grid could cost insurers up to $71.1bn (£45.8bn) a new report from Lloyd’s predicted.

The report, Business Blackout, was produced in conjunction with the University of Cambridge. It envisages a scenario where hackers shut down parts of the US power grid, plunging 15 states and Washington DC into darkness and leaving 93 million people without power.

Such a scenario would result in a rise in mortality rates as heath systems fail, a decline in trade as ports shut down, disruption to water supplies as electric pumps fail and chaos to transport networks, experts predict in the report.

The report estimates that the total impact to the US economy would be $243bn, rising to $1trn in the most extreme version of the scenario.

Total claims paid by y the insurance industry are estimated at $21.4bn, rising to $71.1bn in the most extreme version of the scenario.

Director of performance management at Lloyd’s Tom Bolt said: “This scenario shows the huge impact and havoc that could result from a major cyber attack on the US.

“The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.

“As insurers, we need to think about these sorts of complex and interconnected risks and ensure that we provide innovative and comprehensive cyber insurance to protect businesses and governments. This type of insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk.”

He added: “Governments also have a role to play. We need them to help share data, so we are able to accurately assess risk and protect businesses.”

Director of the advisory board of the Cambridge Centres for Risk Studies and senior vice-president of risk modelling firm RMS Dr Andrew Coburn said: “This scenario represents an extreme event that is unlikely, but plausible.

“We have analysed the groups who might carry out such an attack, their motivation and capabilities.

“We have looked at the form the attacks might take and the difficulties the perpetrators would have in overcoming the defences that are in place to protect against these types of attacks.

“Using a detailed technical analysis of how a cyber attack could be carried out and what it would do, we can set out a realistic stress test for portfolio management.”