Cyber risk quantification: unlock learnings and lessons from major cyber event

A 2023 cyber event and its subsequent, ongoing operational and fiscal impacts provide a tangible, quantifiable example of the immediate and long-term realities a significant cyber event can have on an organisation.

In our view, the event also acts as a clear counterargument against those advocating for an outright ban for organisations having an option to pay ransoms.

The event equally demonstrates the importance of organisations ensuring their approach to cyber and technology risks is one focused on resilience and not purely prevention and/or defence.

What happened?

A major British cultural institution is still facing the consequences of a cyber-attack it suffered back in October 2023 which left its online services inaccessible. It is claimed that 490,191 files, or 630GB of data, were stolen from the institution’s CRM database.

The attack was claimed by the Rhysida Ransomware Group, which gave the institution just a week to pay £600,000 (roughly AUD $1.14 million). Otherwise, it said it would sell the data, which included passports and employment documents, to a third party.

Understand the lessons, learnings and ongoing impacts

Download the report to understand:

  • The ongoing impacts, both fiscally and operationally

  • Where organisations go wrong

  • Examples of longer-term costs

  • No Personal Identifiable Information (PII) loss does not mean no costs

  • The Australian experience

  • Relevance of a resilient-focused strategy

  • Directors’ & Officers’ risk considerations

  • Where cyber insurance fits in

Download now

Click the download button (located on the right for desktop users and at the bottom for mobile users) to access the report.

For further information, please contact:

Mark Luckin, National Manager, Cyber & Technology, Lockton Australia

E: (opens a new window)

Carlo Ramadoro, Global Cyber & Technology, Lockton UK

E: (opens a new window)

The contents of this publication are provided for general information only. Lockton arranges the insurance and is not the insurer. While the content contributors have taken reasonable care in compiling the information presented, we do not warrant that the information is correct. It is not intended to be interpreted as advice on which you should rely and may not necessarily be suitable for you. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content in this publication.

Learnings, lessons and ongoing impacts from a major cyber event in the UK (opens a new window)
Cyber risk quantification case study: major cyber event