January 2019 - CyRiM Bashe Attack Report 

This report, ‘Bashe attack: Global infection by contagious malware’ explores a scenario in which companies’ devices are infected with malware that threatens to destroy or block access to files unless a ransom is paid. 

The attack is launched through an infected email, which once opened is forwarded to all contacts and within 24 hours encrypts all data on 30 million devices worldwide. Companies of all sizes would be forced to pay a ransom to decrypt their data or to replace their infected devices.  

The report estimates a cyber-attack on this scale could cost $193bn and affect more than 600,000 businesses worldwide.

Despite the high costs to business, the report shows the global economy is underprepared for such an attack with 86% of the total economic costs uninsured, leaving an insurance gap of $166bn.  

The report:

  • Analyses regional economic impacts in the US, Europe, Asia and the rest of the world.
  • Analyses the economic impacts by industry sector.
  • Challenges assumptions of how prepared the global economy is for a cyber-attack of this nature and scale.   
  • Highlights lessons for the insurance sector in terms of policy, legal and aggregation issues in cyber insurance products.   
  • Identifies opportunities for insurers to expand their business in insurance classes associated with ransomware attacks.  
The report is a publication from the Cyber Risk Management (CyRiM) project, the Singapore-based public-private initiative that assesses cyber risks.  

Download the report here.