Tom Johansmeyer
What would the most destructive and costly cyberattack in history look like?
The Department of the Treasury is exploring a federal mechanism for providing relief capital to the insurance industry in the event of a major cyber catastrophe. While the prospect of a cyber incident sinking the insurance industry and leaving society exposed is intensely remote, it highlights an underlying problem with our understanding of the destructive capacity of cyberattacks—hyperbole. If the terror attacks of September 11, 2001, represented a failure of imagination, then the fear we have of a significant cyberattack represents a failure to keep our imaginations under control.
History shows that it is easier to imagine a catastrophe than to produce it, but it fails to explain why. The last twenty-five years of economic loss data suggest cyberattacks aren’t nearly as costly as the annual hurricanes and hailstorms we experience.
So why are we so afraid?
In many ways, our fear can be attributed to the relative newness of cyber risks in human history, meaning they need to be better understood by the public and with many precedents. Additionally, our misunderstanding is related to the thin historical data we have on them and, more critically, that our historical data relies heavily on a few specific, recent cases—the most prominent being the 2017 NotPetya attack. With a $10 billion price tag and impacts across 65 countries,NotPetya was called “the most destructive and costly cyberattack in history.” But the numbers tell a different story, and relying on NotPetya as our catastrophic example may mean researchers and analysts are staring down a paper tiger.
No comments:
Post a Comment