Lloyd’s of London: Payments System Cyberattack Could Cost $3 Trillion

A report found that a major payment system cyberattack could cost $3 trillion.

The report, “Illuminating cyber crime,” was published Wednesday (Oct. 18) by insurance marketplace Lloyd’s of London and the Cambridge Center for Risk Studies, which researches systemic threats. It said that even the least severe scenario would lead to a five-year economic loss of $2.3 trillion. The U.S. would bear the brunt of the losses in the $3 trillion simulation, with $1.1 trillion in losses over five years.

“Even a ‘run of the mill’ cyberattack has the potential to paralyze systems and stop the best-protected organizations in their tracks,” the report said, outlining the following scenario.

The attack would begin with hackers inserting malicious code in critical financial services software used to confirm transactions and verify payments during a routine update.

Because the update would be sent to thousands of partner and customer networks, the attackers could invade them all at once. From there, they would have a back door to carry out a major breach, shutting down transactions, payment clearings and inter-bank lending. The hackers could then divert funds to accounts that they control.

Security teams would be bogged down dealing with the hack, meaning they wouldn’t be able to deal with other work or support customers. Essentially, the report argued, the attack could take seconds but have an impact that could last years.

“Beyond the immediate costs, confidence in financial institutions is shaken; trade and customer relationships suffer; regulations tighten to prevent future breaches; and long-term business costs increase to build system resilience,” the report said.

There has been a wave of high-profile cyberattacks in the last few months, including one on Clorox that reportedly led to a 28% year-over-year drop in net sales, with the company projecting a 26% decrease in organic sales.

Last month also saw attacks on two of the country’s biggest casino operators — MGM and Caesar’s — that disrupted operations there.

Meanwhile, the PYMNTS Intelligence report “Fraud Losses From Impersonator Scam Double for Largest US Banks,” a Hawk AI collaboration, found that 43% of financial institutions (FIs) have experienced increased levels of fraud compared to last year.

“The average cost of fraud for FIs with assets of $5 billion or more also increased by 65%, from $2.3 million in 2022 to $3.8 million this year,” PYMNTS wrote in September. “Drill down a bit, and 12% of fraudulent transactions are tied to scams, with bank tech support impersonation and IRS scams the most common attack vectors.”