Balázs Gyimesi, OECD Observer
“Sorry, our website is temporarily unavailable.” While this message may cause you some inconvenience when surfing the web, it’s costly for companies. For over 50% of firms, the unavailability of their sites can cost as much as US$1,000 per minute. And technical shortcomings are not the only reason websites go down–targeted cyber attacks are too.
Cybercriminals bombard servers with traffic to overburden websites. These “denial-of-service” attacks (DoS) affect firms of all sizes in every region. In October 2016, a network of internet-connected devices attacked the servers of Dyn, a provider of domain name system services. It temporarily shut down several major websites in the US and Europe, including those run by television channel CNN, The Guardian newspaper, Netflix, a film entertainment company, and social media giant Twitter. While the cyber attack was neutralised in just over two hours, it caused business losses of an estimated US$110 million.
This was an especially damaging denial-of-service attack compared to the average, whose cost is estimated at over US$50,000 for small firms and nearly US$450,000 for larger businesses. And the number of these harmful attacks is on the rise, targeting mostly government, media and financial services. After a peak of 4919 DoS attacks in the second quarter of 2016, the number fell to around 3164 in the first quarter of 2017, but rose again in the second quarter of 2017 to 4051.
Insurance can help companies be more resilient to cyber risks but there are challenges that need to be overcome before the cyber insurance market can reach its full potential. Governments should also support initiatives aimed at sharing knowledge and expertise on risk management practices, as set out in the OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity. When a DoS attack happens, every minute counts–we need responses to restore service now.
OECD (2018), The cyber insurance market: Responding to a risk with few boundaries, www.oecd.org/finance/insurance/The-cyber-insurance-market-responding-to-a-risk-with-few-boundaries.pdf
OECD (2018), Unleashing the Potential of the Cyber Insurance Market: Conference outcomes, www.oecd.org/daf/fin/insurance/Unleashing-Potential-Cyber-Insurance-Market-Summary.pdf
OECD (2017), Enhancing the Role of Insurance in Cyber Risk Management, OECD Publishing, Paris, http://dx.doi.org/10.1787/9789264282148-en
OECD (2015), OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity, https://www.oecd.org/sti/ieconomy/digital-security-risk-management.pdf
OECD Unleashing the potential of the cyber insurance market, videos and conference summary: http://www.oecd.org/finance/2018-oecd-conference-cyber-insurance-market.htm
Digital Attack Map, www.digitalattackmap.com/about/
©OECD Insights May 2018