What would be the impact on insurers and the global economy if key ports in Asia-Pacific were closed as a result of a cyber attack? Our new scenario report explores the impact of a hypothetical computer virus which closes up to 15 ports in Asia. Economic losses from closures and disruption range from $40.8 billion in the least severe scenario variant to $109.8 billion in the most extreme.
‘Shen attack: Cyber risk in Asia Pacific ports’ is the second of two joint reports created by the Centre for Risk Studies and by produced by the Cyber Risk Management (CyRiM) project led by Nanyang Technological University, Lloyd’s, and other insurance industry leaders.
This report, found here, describes a hypothetical malicious computer virus that scrambles the cargo database records at major ports in Asia. Without accurate knowledge of container contents on cargo ships, infected ports are forced to close for up to a week, halting traffic as they examine each container manually and severely disrupting the global maritime supply chain. Direct economic losses are driven by the impact to perishables and delayed delivery of goods, along with the intense business interruption resulting from port closures. Up to 15 ports in Japan, Malaysia, Singapore, the Republic of Korea, and China are targeted in the scenario’s most extreme variant, leading to total economic losses of nearly $110 billion.
Subsequent indirect losses cascade through the global maritime supply chain across the world. Asia is the region worst-affected in the scenario, losing up to $27 billion in indirect economic losses, followed by Europe, with $623 million and North America, with $266 million. For perspective on these losses, Lloyd’s press release of the report revealed the total economic loss of $110 billion is “roughly equivalent to half of all losses from natural catastrophes globally in 2018.”
International shipping is responsible for 90% of world trade by volume and forms a crucial ligament in the continuity of the global economy. Analysis of the Shen attack impact to the insurance industry demonstrates the extent to which the industry is unprepared for such an attack. Only 8-9% of the overall losses attributed to the attack are covered by affirmative or non-affirmative cyber insurance policies, leaving a wide insurance gap of $101 billion. As such, there is a vast opportunity for new cyber policies in the Asia Pacific insurance market to protect both the regional and global economy.
This report is intended to challenge all industries to better scrutinise and securitise their growing digital supply chains and areas of accumulated risk. Hypothetical, deterministic scenarios provide safe spaces for businesses, analysts, insurers, and economists to experiment with mitigations measures and adjustments to their risk appetites before an attack of any magnitude occurs. While cyber attacks have badly impacted individual ports in the past, an attack on systemic vulnerabilities across ports on the scale proposed in the Shen attack scenario has never been seen. However, the combination of aging shipping infrastructure and globally complex supply chains makes the shipping industry, vital as it is to global trade, vulnerable to extreme losses.
The events detailed in the Shen attack report and in other scenario analyses carried out by the Centre for Risk Studies are low probability, high impact events. The report, as well as other cyber and maritime scenarios created by the Centre for Risk Studies, can be found at business hub.