Cybercrime global losses predicted to go as high as $6 trillion

11 October 2017

Losses from cybercrime are only likely to increase because of far-reaching global connectivity, warns cyber risk expert James Trainor.

The former head of the FBI’s Cyber Division – responsible for all cyber investigations at the Bureau – is now Senior Vice President within Aon’s Cyber Solutions Group. Speaking at the Guernsey Insurance Forum 2017 in London, Mr Trainor said a 2014 study by the Centre of Strategic and International Studies that attributed annual losses of $445 billion to cybercrime was now vastly underestimating the current position, while 2016 research by Cybersecurity Ventures has now put the figure at $6 trillion.

“Various organisations have done research, over the last couple of years, and some [Cybersecurity Ventures] suggest that that the figure will go up to six trillion,” said Mr Trainor, who cited increased connectivity as one of the biggest factors for this rise.

“The Internet of Things is a perfect example; there’s about six or seven billion devices connected to the internet now. That number could go up to 20 or even 50 billion devices in the next three to five years, so more connectivity means more opportunities to do denial-of-service attacks, more vectors into your network, more opportunities to crypt those devices to make money.”

Mr Trainor warned there was currently a lack of insurance premiums being taken to cover for the estimated losses from these cyber-attacks.

“I’m not sure six trillion is the real number, but I do know the insurance premiums that are coming in, which is about $3 billion annually on cyber. So, whether it’s $445 billion or six trillion, there’s only three billion in capital – that’s a significant gap. Essentially, companies are absorbing the losses for this,” said Mr Trainor.

“That’s why I call cyber somewhat of a team sport, meaning that companies have to do a better job of protecting their network, the insurance industry has to bring more capital into the industry to cover the losses and government has to do a better job of disrupting it.”

Mr Trainor emphasised the importance of having trusted advisers who could navigate what was becoming an increasingly complicated space.

“If cyber security’s very complicated, cyber insurance is equally complicated. The past is less indicative of the future in cyber. We don’t have 350 years of actuarial data to underwrite cyber risk – the threat evolves. Ransomware is a perfect example of how the threat has evolved over the last three years. It went from getting paid from a credit card or PayPal to now having to do the transaction entirely on Tor, which is an anonymised browser, and pay via a virtual currency.”

“The Internet of Things is a perfect example; there’s about six or seven billion devices connected to the internet now. That number could go up to 20 or even 50 billion devices in the next three to five years, so more connectivity means more opportunities to do denial-of-service attacks, more vectors into your network, more opportunities to crypt those devices to make money.” Aon's James Trainor

In addition to Mr Trainor’s keynote speech, the Guernsey Insurance Forum included panel sessions on insurance’s answer to 21st century megatrends and creating a suitable environment for ‘unicorns’.

Bruce Fayle, Head of the Audit and Conduct Risk Department for RWA, and Stephen Carter, Partner at Carter Perry Bailey LLP, were two of more than 160 delegates in attendance. Both found the content of the sessions insightful.

Mr Fayle said: “I think it was a very thought-provoking event. I found the keynote speaker and some of the messages that he conveyed very informative but also extremely worrying.”

Mr Carter added: “Cyber is always interesting - it's a new expanding area full of uncertainty. Anything that relates to offshore is of relevance to me as we work with lawyers there (Guernsey).”

The event was sponsored by Appleby, Artex, Bedell Cristin, BWCI, Carey Olsen, Ogier, Robus, Royal London, SunTrust and Willis Towers Watson.