Business blackout: the insurance implications of a cyber attack on the US power grid

Published: Thursday, 09 July 2015 12:20

Lloyd’s and the University of Cambridge’s Centre for Risk Studies have published a joint report into the implications of a successful widespread cyber attack on the US power grid.

The report publishes details of the expected impacts of a hypothetical scenario where a cyber attack induced electricity blackout plunges 15 US states, including New York City and Washington DC, into darkness and leaves 93 million people without power.
The scenario, while improbable, is technologically possible, says the report, and would result in the following impacts:

The report analyses the implications of these direct and indirect consequences on insurance losses. The total of claims paid by the insurance industry is estimated at $21.4bn, rising to $71.1bn in the most extreme scenario version.

Read the full report (PDF).

Reader comments

This report demonstrates that cyber attacks are now capable of inflicting damages that greatly exceed just data theft, they can now disrupt the lives of everyone in the world and even lead to the loss of life. To prevent major losses and human tragedies, organizations need to realise that current models used to secure data centers / centres and systems are ineffective, fail to provide needed visibility and simply cannot defend against today’s cyber threats.

It is time to recognise that, to win the cyberwar, we need to fundamentally rethink our approach to security and adopt a unified nation-first, vendor-second approach, otherwise our economy and our very way of life will suffer drastically.

Alan Cohen, CCO of cybersecurity company Illumio

"Legacy security solutions such as firewalls, used extensively by organizations responsible for protecting data and systems, are repeatedly failing to stop these large scale attacks. Research and observations we've conducted show that many attacks are sophisticated in nature and have the advantage of strong financial and nation-state backing, but in many cases simple, amateurish attacks can just as easily penetrate through perimeter defences and make their way deep inside data centers, where valuable information and systems are under protected."

Chandra Sekar, director of security research at cybersecurity company Illumio