Ideas for Leaders #491

Cyber-Attack Catastrophe: Lessons from a Plausible Risk Scenario

This is one of our free-to-access content pieces. To gain access to all Ideas for Leaders content please Log In Here or if you are not already a Subscriber then Subscribe Here.

Key Concept

The Centre for Risk Studies at Cambridge University has developed a detailed risk scenario describing a slow-burning cyber attack on a fictional software developer that has global consequences. The improbable but plausible scenario, based on a variety of real (but smaller) cases, is intended as a ‘stress test’ for organizations and public policy bodies and offers lessons in how to mitigate the impact of such attacks.

Idea Summary

The extensive damage caused by computer hackers accessing the confidential information held within a company’s information technology is, unfortunately, well documented. But beyond compromising millions of customers or accessing company secrets, a cyber attack on an SITE (systemically important technology enterprise) could be even more catastrophic, potentially damaging the global economy and undermining the value of world financial markets. SITEs — like their ‘too-big-to-fail’ banking counterparts Systematically Important Financial Institutions or SIFIs — are considered vital to international corporate productivity.

The likelihood of such a catastrophic cyber event on this scale is improbable (1% chance of occurrence within a given year) but plausible. To help companies prepare for the eventuality of such an attack, researchers at Cambridge University’s Centre for Risk Studies have developed a ‘stress test’ scenario that recreates such an attack and reveals the extent of the resulting global damage.

Called Sybil Logic Bomb Scenario, the scenario describes a malicious insider who modifies the source code in a regular upgrade of the Sybil (the company is fictional) database software. The ‘bomb’ is designed to slowly corrupt data backups by introducing small errors in the systems — errors so small that they are not noticeable at first. Because the Sybil software is a popular software used by many companies, the bomb gets distributed into the information systems of companies around the world within a few weeks. Imperceptibly, the virus damages and undermines business systems over a period of several years. Eventually, the damage is slowly uncovered — but after a period of up to five quarters or 15 months — and as the full, horrifying extent of the damage becomes apparent, people’s faith in the information technology systems in both the private and public sector is shaken, leading to what the researchers call “information malaise.” 

Based on the scenario, the total losses to global GDP output over a five-year period range from $4.5 trillion to, in the most extreme scenario, $15 trillion.

The impact on financial markets, however, is relatively small, totalling, by the time the software problem is identified and fixed, a 4% loss in cumulative returns.

Business Application

Although the scenario has a low probability of occurrence, it was constructed using the precedents of past cyber attacks. For example, the researchers describe in the scenario how the Sybil Logic Bomb impacts specific companies, such as a fund management firm that loses £440 million in just 45 minutes of trading, a utilities company responsible for a series of spillages at its sewage treatment plant (the compromised process control system keeps opening valves), or a UK bank that is forced to write down $1.75 billion because of small accounting errors over a period of two years. All of these incidents are based on real cases: a U.S. fund managers lost $440 million in 45 minutes due to a mistake in their trading algorithm; by hacking into the company’s control systems, a disgruntled employee caused 47 sewage spill incidents for an Australian utility; and an Australian bank had to write down $1.75 billion because of an error in a financial model.

In the digital world, a small error whether malicious or accidental can have disastrous consequences. Although a scenario of such global reach is plausible but not probable, it offers important lessons seeking to protect the integrity of its information systems.

The damage caused by the Sybil Logic Bomb could have been mitigated, according to the scenario, through the following measures:

  • Reporting near misses. If something unexplained happens, don’t shrug off the error. Investigate.
  • Dual-source technologies. The best option is to have two databases from different vendors that mirror each other. At the least, insist on two different, mirroring versions of the same database.
  • Plug swappable technologies. Put in place the capability to swap one software module for another.  
  • Consider standardization initiatives carefully. It is easy to be seduced by standardization initiatives — but consider the potential loss of security as much as the potential cost-savings or increase in efficiency.
  • Defend against insider attacks. Develop the techniques and processes to protect against insidious attacks from insiders.

As with all types of crises, an effective reputation management process already in place is essential. Another recommendation from the scenario is barely heard in today’s digital conservation: having a physical backup to the digital information. When a crisis hits your information systems, do you have any physical options to fall back on?

Contact Us




Idea conceived

  • June 2014

Idea posted

  • February 2015

DOI number



Real Time Analytics