Potential financial consequences from extreme OT incidents might exceed $300 billion

Business interruptions and supply-chain disruptions are increasingly being highlighted as significant risks by industrial cybersecurity firm Dragos.


Global Financial Impact of Catastrophic Cyber Events in Operational Technology Could Reach $330 Billion Annually

In recent months, companies have reported significant financial losses from cyberattacks affecting their supply chains or online transactions. One cybercrime group, Scattered Spider, has been linked to attacks on companies like Marks & Spencer and United Natural Foods, with combined losses exceeding $750 million.

A joint report by industrial cybersecurity firm Dragos and professional-services firm Marsh McLennan has estimated that the global financial impact from catastrophic cyber events could near $330 billion annually. This estimate is based on a 1-in-250-year tail event and includes global supply-chain and related impacts.

The report highlights that many organizations underestimate the indirect costs, such as disrupted operations and supply chains, which can drive overall financial risk far beyond direct damages. For instance, business interruption losses alone exceed $172 billion annually in such extreme events.

The average annual global risk for OT cyber events is much lower, at about $12.7 billion, with a 12-month aggregated risk around $31 billion. This underscores how the tail event scenario represents an extreme but plausible disruption with very high financial consequences.

Key points from the report include:

  • Catastrophic OT cyber disruptions affect critical infrastructure and manufacturing sectors heavily reliant on connected technologies, including remote-access tools.
  • Most OT companies underinvest in OT-focused cybersecurity, concentrating on IT networks instead, which can lead to overlooked vulnerabilities and greater business interruption risks.
  • The model accounts for not just direct asset damages but global supply-chain impacts, amplifying losses far beyond localized effects.

Mark Stacey, VP at Dragos, notes that many companies spend the majority of their cybersecurity budget on IT networks and often assume OT is functioning as normal when production is ongoing. He warns that the potential impact of business interruption is often underestimated.

Marks & Spencer, a British department store chain, suffered a $400 million loss due to a social-engineering attack linked to the Scattered Spider cybercrime group. The company has since restored its online ordering service, months after the April cyberattack.

United Natural Foods, a distributor for retailers including Amazon's Whole Foods chain, expects to lose at least $350 million due to a cyberattack also linked to Scattered Spider. The company has not yet specified a timeline for recovering from the cyberattack.

The report focuses on the risks facing operational technology, which has seen an increase in attacks in recent years. Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, with a focus on whether they are a potential target.

The financial analysis in the report is based on 10 years of breach and insurance-claims data from Marsh McLennan's Cyber Risk Intelligence Center. The report suggests three OT security controls most associated with risk reduction: maintaining a comprehensive incident-response plan, using defensible architecture, and performing continuous monitoring to preserve visibility into a network.

Dragos researchers highlight that indirect losses, including the impact from disrupting normal operations, are often overlooked by companies. This underscores the importance of understanding and preparing for the potential financial impacts of catastrophic OT cyber events.
