A coordinated cyber attack could hit 600,000 businesses around the world and cost the global economy as much as £148bn, according to a new report.
Researchers at Cambridge University modeled a scenario in which an attack is launched through a malware-laden email that is automatically forwarded to a victims’ contacts list, encrypting data on nearly 30m devices within 24 hours.
It is predicted that the attack would have the greatest impact on the retail and healthcare sectors, which would suffer losses of £19bn each. The former would lose business due to payment systems being taken offline, while the latter would be unable to treat patients who depend on legacy IT infrastructure that cannot be easily patched, the researchers predict.
“Historically, the healthcare sector has been vulnerable to high levels of malware infection due to legacy IT infrastructure systems, which are more vulnerable to malware, and low investment in IT,” they stated.
The WannaCry campaign is one of the most high profile global ransomware attacks to date and hit the NHS particularly hard, forcing doctors to cancel or postpone thousands of appointments and operations across the UK.
The researchers also warned that the manufacturing sector would suffer significant revenue loss “because the malware encrypts manufacturing equipment which halts production”. “The encryption of inventory management systems further disrupts production,” the authors state. “The indirect impact on international trade causes delays in the transportation of ‘final’ goods these companies produce as well as intermediary goods needed for production. This causes further disruption and revenue loss.”
Despite the widespread economic losses many industries are predicted to suffer in such a scenario, the insurance giant Lloyds – which commissioned the report – claimed that most sectors are under-prepared for a coordinated ransomware attack, with 86 per cent of total economic losses uninsured, amounting to an insurance gap of £127bn.