Cyber Risk Could Cause Shock on Scale of 2008 Crisis, says Zurich

Organisations need to dramatically improve their response to cyber risks if they are to avert a new global shock on the scale of the 2008 global financial crisis, a study by Zurich Insurance warns.

The Swiss group commented that even cyber security professionals lack a clear overview of all the interconnected risks that organisations potentially face.

The report on cyber risks, which Zurich produced in cooperation with the Washington, DC-based ‘think tank’ Atlantic Council, warns that “a build-up in these risks could create a failure on a similar scale to the 2008 financial crisis”.

“We are in an extremely homogenised environment which makes it much easier for one failure to become a failure across the system, because you have common dependencies – and that is going to become more widespread when we start doing more cloud-based stuff,” said the report’s author, Jason Healey, director of the Atlantic Council’s cyber-statecraft initiative.

“It isn’t so much that the internet is not going to be there tomorrow; it is that, as it has these hiccups, they will be transmitted directly into the economy and our real lives in ways that they weren’t before and ways that we are not ready for.”

Zurich risk chief, Axel Lehmann, added: “Few people truly understand their own computers or the Internet, or the cloud to which they connect, just a few truly understood the financial system as a whole or the parts to which they are most directly exposed.”

The report notes that outsourcing of server management and creating direct connections between organisations such as for corporate joint ventures makes it more difficult to get an overview of the risks involved. The risk of disruption in the Internet infrastructure itself, malware attacks and major international conflicts can also create system-wide risk.

“The Internet is the most complex system humanity has ever devised. Although it has been incredibly resilient for the past few decades, the risk is that the complexity which has made cyberspace relatively risk-free can, and likely will, backfire,” Lehmann added.


Related reading