Skip to main content
Locations

Cyber attacks on payment systems – counting the cost

30 November 2023
Tim Johnson
Print

Previous

Baby boom and gloom: Uncertainty for the life insurance industry

Next

Fixed Recoverable Costs – controlling claims

Last month, Lloyd’s published its systemic risk scenario detailing the potential global economic impact of a hypothetical cyber-attack on major financial services payment systems. 

The model set out the three ways in which an attack can impact businesses:

  1. data breach;
  2. compromising data accuracy and validity; and
  3. prevention of access.

Detailed in the scenario, through the use of code attackers are able to infiltrate networks, providing access to perform a major breach. As the discovery and repair of a breach can be a lengthy task, throughout this period the attackers are able to divert funds. 

The model highlights that the United States of America, China and Japan are the countries likely to experience the highest economic loss. Loss of confidence in the institution and an increase in costs to tighten regulations and increase resilience were also highlighted in the scenario.

In building the scenario, Lloyd’s and the Cambridge Centre for Risk Studies considered previous historic events such as:

  • 2017 - Wannacry: A ransomware attack impacting Windows systems by encrypting contents and demanding a payment to decrypt. It was reported that the attack impacted 99 countries, with the NHS and companies such as Telefónica in Spain, Renault in France and FedEx in the USA being affected.
  • 2017 - NotPetya: A malicious data encryption tool hidden in legitimate software that spread rapidly through trusted networks, therefore bypassing the processes in place to prevent ransomware. The attack was destructive, with the malware not being designed to be decrypted. An assessment by the National Cyber Security Centre found that the Russian military was ‘almost certainly responsible’.
  • 2022 - Albania DDoS attack: A destructive cyber-attack against the Albanian government that disrupted government websites and public services. The attack involved the deployment of ransomware followed by wiper malware. Microsoft stated with ‘high confidence’ that the attack was carried out by actors sponsored by the Iranian government. 

For further considerations for insurers in regards to cyber-attacks, please see our CyberCube’s Global Threat Outlook: The evolving threat of cyber operations article in The Word’s September edition.

Contents

Key contact

Key contact

Tim Johnson

Partner

tim.johnson@brownejacobson.com

+44 (0)115 976 6557

View profile Connect on LinkedIn
Can we help you? Contact Tim

Discover more

Product Policy endorsement drafting service
Sectors Insurance

Related expertise

You may be interested in...

The Baltimore bridge collapse: One of the biggest losses in maritime insurance history?
24 April 2024
Legal Update

The Baltimore bridge collapse: One of the biggest losses in maritime insurance history?

The space data revolution
24 April 2024
Legal Update

The space data revolution

New guidance on supporting autistic customers for the insurance industry
24 April 2024
Legal Update

New guidance on supporting autistic customers for the insurance industry

Chubb ordered to indemnify SXSW for Covid cancellation
24 April 2024
Legal Update

Chubb ordered to indemnify SXSW for Covid cancellation

The Word, March 2024
28 March 2024
Legal Update - The Word

The Word, March 2024

Commercial Court considers requests for stay or anti-suit injunction where two competing reinsurance wordings
05 March 2024
Legal Update

Commercial Court considers requests for stay or anti-suit injunction where two competing reinsurance wordings

Parametric flood policies - Insurers no longer in uncharted waters?
27 February 2024
Legal Update

Parametric flood policies - Insurers no longer in uncharted waters?

LockBit unlocked: International taskforce takes down major cyber criminal organisation
27 February 2024
Legal Update

LockBit unlocked: International taskforce takes down major cyber criminal organisation

80% of GAP market pause sales amid Consumer Duty concerns
27 February 2024
Legal Update - Consumer Duty

80% of GAP market pause sales amid Consumer Duty concerns

FCA writes to MPs over car insurance premiums. What do increases mean for fraud?
27 February 2024
Legal Update

FCA writes to MPs over car insurance premiums. What do increases mean for fraud?

Biodiversity Net Gain: A new landscape for restoration clauses
27 February 2024
Legal Update

Biodiversity Net Gain: A new landscape for restoration clauses

The regulators’ pet project
27 February 2024
Legal Update

The regulators’ pet project

Welsh Government inks new regulations for Acupuncture, Body piercing, Electrolysis and Tattooing
27 February 2024
Legal Update

Welsh Government inks new regulations for Acupuncture, Body piercing, Electrolysis and Tattooing

Insurance and the escalating situation in Suez Canal
27 February 2024
Legal Update

Insurance and the escalating situation in Suez Canal

Update: Further debates on the Automated Vehicles Bill in the House of Lords this month
27 February 2024
Legal Update

Update: Further debates on the Automated Vehicles Bill in the House of Lords this month

The Word, February 2024
27 February 2024
Legal Update - The Word

The Word, February 2024

Progress on the Automated Vehicles Bill
16 February 2024
Legal Update

Progress on the Automated Vehicles Bill

The Word, January 2024
29 January 2024
Legal Update - The Word

The Word, January 2024

Voldemort causes havoc at Sellafield – nuclear risks and insurance policies
26 January 2024
Legal Update

Voldemort causes havoc at Sellafield – nuclear risks and insurance policies

Adapting to change or falling behind? The FCA under fire from the National Audit Office
26 January 2024
Legal Update

Adapting to change or falling behind? The FCA under fire from the National Audit Office

A blow to manufacturers as Thai Court confirms insurers’ denial of cover in wind turbine case
26 January 2024
Legal Update

A blow to manufacturers as Thai Court confirms insurers’ denial of cover in wind turbine case

Premium finance – a poverty premium
26 January 2024
Legal Update

Premium finance – a poverty premium

'Clear and unambiguous' exclusions: Cameron Soule v Woodward Design + Build LLC
26 January 2024
Legal Update

'Clear and unambiguous' exclusions: Cameron Soule v Woodward Design + Build LLC

Follow the leader: Insurers using algorithmic underwriting
26 January 2024
Legal Update

Follow the leader: Insurers using algorithmic underwriting

The Word, December 2023
15 December 2023
Legal Update - The Word

The Word, December 2023

Al Mana Lifestyle Trading L.L.C. & Others v United Fidelity Insurance Company PSC & Others [2023] EWCA Civ 61 – Update
08 December 2023
Legal Update

Al Mana Lifestyle Trading L.L.C. & Others v United Fidelity Insurance Company PSC & Others [2023] EWCA Civ 61 – Update

Proposed amendments to the Arbitration Act 1996
08 December 2023
Legal Update

Proposed amendments to the Arbitration Act 1996

Chubb leads a $50m consortium to help mitigate the increasing risks associated with lithium-ion batteries
08 December 2023
Legal Update

Chubb leads a $50m consortium to help mitigate the increasing risks associated with lithium-ion batteries

D&O: Australian Courts consider the meaning of ‘personal advantage'
08 December 2023
Legal Update

D&O: Australian Courts consider the meaning of ‘personal advantage'

Trade credit: Australian Courts consider the meaning of ‘recoveries’
08 December 2023
Legal Update

Trade credit: Australian Courts consider the meaning of ‘recoveries’

Energy insurance: Technip Saudi Arabia Limited v The Mediterranean and Gulf Cooperative Insurance and Reinsurance Company ('Medgulf')
08 December 2023
Legal Update

Energy insurance: Technip Saudi Arabia Limited v The Mediterranean and Gulf Cooperative Insurance and Reinsurance Company ('Medgulf')

Covid BI litigation (Autumn 2023): Insurance coverage disputes update
08 December 2023
Legal Update

Covid BI litigation (Autumn 2023): Insurance coverage disputes update

The Word, November 2023
30 November 2023
Legal Update - The Word

The Word, November 2023

Failure to prevent fraud: how can my organisation prepare?
22 November 2023
Legal Update

Failure to prevent fraud: how can my organisation prepare?

Customers in financial difficulty: Cost of living crisis and the FCA
27 October 2023
Legal Update

Customers in financial difficulty: Cost of living crisis and the FCA

Insurable interest: Quadra Commodities S.A v XL Insurance Co SE and Others
27 October 2023
Legal Update

Insurable interest: Quadra Commodities S.A v XL Insurance Co SE and Others

The Luton Airport car park fire – implications for insurers
27 October 2023
Legal Update

The Luton Airport car park fire – implications for insurers

Are amendments to be expected for the Arbitration Act 1996?
27 October 2023
Legal Update

Are amendments to be expected for the Arbitration Act 1996?

Insurance industry Consumer Duty update – Fair value, FCA Dear CEO letters and multi-occupancy buildings
27 October 2023
Legal Update - Consumer Duty

Insurance industry Consumer Duty update – Fair value, FCA Dear CEO letters and multi-occupancy buildings

Simplifying sanctions clauses - LMA3100A and LMA3200 released
27 October 2023
Legal Update

Simplifying sanctions clauses - LMA3100A and LMA3200 released