The Cyber Risk Management (CyRiM) Report 2019 shows that the economic damage to the world from a concerted global cyber-attack propagated by malicious email could range between $85 billion (least severe) to $193 billion (most severe).

Retail at least could suffer the highest total economic loss globally ($15 billion), followed by healthcare ($10 billion) and manufacturing ($9 billion). It is not surprising that by far the biggest losses are in the US ($46-$89 billion) and Europe ($30-$76 billion), with Asia far behind ($6-$19 billion) and the rest of the less tech world far behind ($3-$9 billion).

The report also analyses the impacts of the scenarios on cyber insurance losses. These are classified as affirmative losses (standalone cyber policies and endorsements on traditional policies) and non-affirmative losses (traditional policies without explicit exclusions). Claims will be made for business interruption, contingent business interruption, cyber extortion, incident response costs, personal cyber, and liability losses. The total possible claims are estimated worldwide from $10 billion to $27 billion with business interruption coverage as the main driver of insured losses. The last sentence of the executive summary reads ‘this shows that the insurance industry is significantly exposed to a contagious malware event’.