Major companies are investigating ways to insure themselves against catastrophic cyber attack, according to digital risk assessment company Mi2g.
In a strongly worded statement, the London-based firm declared that large companies faced a $100 billion "global cyber catastrophe" and were actively considering banding together for financial cover.
Most insurance policies won’t cover firms for losses from hacking or denial of service attacks, Mi2g said, and MyDoom and the Windows source code leak from Microsoft had concentrated minds.
D K Matai, the firm’s executive chairman, told Techworld that he knew of 10 to 15 CEOs of FTSE 100 and S&P 500 companies from the UK, US and Switzerland who were out there looking for cover in anticipation of a massive digital disaster.
He insisted that the statement, which mentions some form of $100bn catastrophe, event or scenario no less than ten times, was not aimed at scaring people. He said that Mi2g felt that companies, regardless of how many firewalls they employed, could not be the "nannies" of home computers and therefore could not stop the "zombie armies" that could be "in excess of x million already" that were waiting dormant to unleash MyDoom’s true force. Therefore one of Mi2g’s missions was to get government to listen and to do something about home users who don’t employ up-to-date anti-virus software.
Mr Matai said that he was set to meet Andrew Pinder, the government’s e-envoy, and members of the parliamentary office of science and technology tomorrow. One of his suggestions was for western governments to issue computer "driving licences" to home computer users. Another was to get high-street computer vendors to limit the capabilities of PCs - so that they couldn’t send out hundreds of messages a minute, for example.
To avoid catastrophe, Mi2g advised organisations not to rely on just one operating system. "A computer network based 99 per cent on one operating system may not necessarily be the most robust if a future DIMA [Distributed Intelligent Malware Agent] targets the vulnerabilities of software running on that platform in particular," it said. "There could be quality awards issued for achieving a high standard of biodiversity by the government agencies responsible for trade and industry," it suggested.
Mr Matai said that the $100bn figure was not Mi2g’s own but was told to the company by its confidant in the insurance industry who had been asked to begin modelling a $100bn risk.
He said that MyDoom had caused $58 billion of damage worldwide. [Security experts, however, have a problem with the claim of $250 million.]
Corporations, he said, were consequently looking at the idea of banding together to create an alternative risk transfer such as a catastrophe bond. These had been created by consortia in certain industries for the last ten years, he said, to cover them for hurricanes and tornadoes.
CEOs were now talking to each other about such a bond to cover massive cyber attacks that they cannot find insurance for.
Meanwhile, Mi2g asked readers to consider this "$100bn trans-national cyber catastrophe scenario": "It is a bright and sunny day in a major global city and you are checking your Internet bank account and share dealing service online - all evidence that you owned any shares or maintained a bank balance has been wiped out. You panic - you are told that your bankers have been struck by a computer virus. An hour after that, you lose electricity. As you drive your car to buy some emergency supplies, you cannot get through the city because the traffic guidance system is dead. Within a few minutes of each other, five major cities across the globe grind similarly to a halt."
Scary stuff indeed.