Cyber contagion events pose catastrophic risk

03 May 2018

Contagious malware outbreaks may present the biggest catastrophic cyber threat to insurers, according to analysis by modelling firm RMS.

Launching its first probabilistic risk model for cyber-attacks, California-based RMS says that contagious malware has the potential to cause the largest losses of the five major cyber loss scenarios it has modelled. The other four are data exfiltration, financial theft, cloud outages and denial of service (DoS) attacks.

According to RMS, contagious malware remains a “potent trigger” for loss, even in companies with high standards of security. While large data breaches are often limited to a single company, contagious malware is easy to scale and can cause systemic loss to thousands of companies.


It suggests that last year’s WannaCry and NotPetya malware attacks demonstrate the potential for truly global events of cyber contagion. Both WannaCry and NotPetya were examples of malware that can replicate and spread through networks of communication.

WannaCry and NotPetya affected organisations in different geographical locations, industries and sizes. WannaCry spread to 150 countries while NotPetya affected 65 countries, according to data from the catastrophe modelling firm. RMS estimates that NotPetya caused losses of around USD 2.5 billion to USD 3 billion, after a number of multinational companies reported multi-million-dollar losses from lost sales and the cost of repairing systems and workarounds.

The malware outbreaks also impacted critical infrastructure and public services – it affected over 300,000 machines, many critical to national infrastructure such as power stations and transportation hubs, localised and international banking systems, global manufacturing networks and logistics and delivery centres.

WannaCry was eventually stopped when a researcher discovered a kill-switch hidden in the software; otherwise the infection could have spread to many more machines.

RMS suggests that if the kill-switch had not been triggered, the infection rates and losses could have been as high as USD 6 billion.


In its 2018 Cyber Risk Outlook, RMS says that cyber risk is becoming more international, with losses now being reported in almost every industrialised country. The company catalogues loss events in over 150 countries, although 70% of losses originate in 12 principal countries, mostly in North America and Europe.

Although contagious malware poses the biggest potential threat, RMS analysis found that data exfiltration continues to be the predominant cause of insured losses.

It noted that the frequency of smaller data breaches has reduced in the US – potentially due to big increases in investment in cyber security. However, as attackers find it harder to steal data, criminals may instead be turning to less secure targets in other countries, and to other forms of cyber crime, such as extortion, RMS says.

RMS found that the size of successful breaches is increasing, and breaches are becoming more costly in many jurisdictions. There has also been a significant shift towards large-scale data breaches occurring outside of the US, particularly in Asia. For example, three of the four largest breaches in 2017 occurred in China, including the largest, in which two billion phone records were stolen from the popular Chinese call-blocking tool DU Caller.


Another scenario modelled by RMS with the potential to produce very large losses is cloud computing. RMS says that the failure of a cloud service provider, while very unlikely, presents a potential systemic exposure as many cyber policies include coverage for outages. Failures of individual services or regional outages have the potential to cause losses to thousands of users, it says.

In February 2017, a debugging exercise caused a four-hour outage at Amazon's cloud storage facility, Amazon Simple Storage Service. RMS estimates that the disruption resulted in losses of USD 150 million for a number of affected IT, retail and finance companies. The downtime impacted 54 of the top 100 internet retailers.


RMS modelled the five key loss scenarios as part of its updated cyber risk catastrophe model, RMS Cyber Solutions Platform v3.0. The modelling firm claims that the update helps explore the systemic potential for catastrophe loss. It enables insurers to allocate capital to cyber risk in a rigorous and quantitative way, as well as allowing individual account risk pricing to expand the cyber insurance market.

According to RMS, insurers see growing demand for cyber insurance but their ability to pursue this opportunity is constrained by their ability to allocate risk capital with confidence. The ability to produce cyber loss probabilities, particularly for the five loss accumulation scenarios, should help insurers assess the cost of capital needed to support this growth opportunity, RMS says.
