Lloyd’s and Cambridge University have created a complex scenario examining the insurance implications of a catastrophic cyber attack on the US power grid – and have come up with a bill to the nation’s economy in the most extreme case of more than $US1 trillion ($1.34 trillion).

Lloyd’s Director of Performance Management Tom Bolt says cyber is an underinsured risk, and many organisations mistakenly believe their existing cover will respond to an attack.

“Understanding the impact of severe events is one of the key requirements for insurers to develop cyber-risk cover, and this study aims to contribute to that knowledge base,” Mr Bolt said.

The report depicts an “improbable [but] technologically possible” hack that shuts down parts of the US power grid, plunging 15 states and Washington DC into darkness, affecting 93 million people.

The scenario, created with the university’s Centre for Risk Studies, shows the broad range of claims that could be triggered. It predicts a rise in death rates as health and safety systems fail, a decline in trade as ports shut, disruption to water supplies as electric pumps fail and transport chaos.

The impact on the US economy ranges from $US243 billion ($326 billion) to more than $US1 trillion in the most extreme case. Total insurance claims are estimated at $US21.4 billion to $US71.1 billion ($28.7 billion to $95.5 billion).

Mr Bolt says “a new generation of cyber-insurance solutions for the digital age” will require “innovative collaborations, harnessing multi-disciplinary expertise” and enhanced data for modelling risks.

Sharing of cyber-attack data and pooling of claims information is a complex issue, but all parties have an interest in sharing “anonymised” data on frequency and severity of events.

“This scenario shows the huge impact and havoc that could result from a major cyber attack on the US,” Mr Bolt said. “The reality is the modern, digital and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm.”

Governments also have a role to play. “We need them to help share data, so we are able to accurately assess risk and protect businesses,” he said.