Cyber risk analytics firm CyberCube and global reinsurer Munich Re have released the findings of a joint study examining the impact of severe cyber accumulation events and the varying levels of organizational resilience influenced by risk mitigation measures.
Respondents widely agreed that a major malware event could potentially impact 25% of all systems worldwide, though only about 15% would be expected to suffer complete compromise.
Experts did not anticipate any plausible scenario where more than 50% of global systems would be fully compromised. The scale of a potential incident similar to previous outbreaks such as WannaCry or NotPetya was considered within the range of current expectations.
Among the most effective defenses cited against malware were patch management, network segmentation, and comprehensive data backup strategies. When implemented effectively, these measures were reported to reduce both the likelihood and financial consequences of widespread malware attacks by 50% to 80%.
The study also addressed risks associated with cloud service dependencies. Respondents indicated that while widespread outages across major cloud providers are expected to last from several hours to a few days, outages exceeding 72 hours remain a possibility, albeit a limited one.
Survey data revealed a consistent medium-to-high level of dependence on cloud services across industries, with smaller companies generally reporting higher reliance than larger enterprises.
“Our ambition is to improve the understanding of possible extreme malware and cloud events alongside the effectiveness of mitigation measures by sharing the insights of our study,” Munich Re’s senior cyber actuary Stephan Brunner (pictured above) said.
Financial exposure was found to increase in proportion to outage duration. A one-day disruption of a company's most critical cloud provider would likely result in a loss equivalent to 1% of its annual revenue. The extent of financial loss varied depending on the organization’s reliance on the cloud, its sector, and the maturity of its contingency plans.
Cybersecurity professionals pointed to multi-region deployment within a single cloud provider as the most effective strategy for reducing the impact of outages on critical business functions.
Using multiple cloud providers was not viewed as a practical or reliable mitigation approach, given the difficulty of transferring services between providers during an outage. Among cloud platforms, Microsoft Azure, Amazon Web Services, and Google Cloud were identified as the most prepared for mitigating and recovering from significant disruptions.
The study also assessed emerging technologies and their effect on the evolving threat landscape. Industrial and consumer Internet of Things (IoT) devices were cited as immediate areas of concern, while Large Language Models were viewed as having current operational relevance. Artificial General Intelligence was projected as a potential risk beyond a five-year horizon.
Broader industry commentary has pointed to the evolving challenges in cyber catastrophe modeling, particularly in the context of systemic risk. AM Best has noted that while more insurers are adopting either probabilistic or deterministic modeling approaches, the underlying assumptions and aggregation parameters remain highly variable.
The timing of the study coincides with broader market trends in cyber risk. A 2025 report by Aon highlighted an increase in systemic cyber incidents across North America, which contributed to a 7% decline in U.S. cyber insurance premiums in early 2025.
Despite the drop in premiums, insurers also experienced an increase in claims, suggesting heightened sensitivity to potential accumulation risks and pricing pressures tied to perceived volatility.
Separately, market data from Guy Carpenter indicated that while ransomware continues to drive many of the losses in the cyber insurance sector, accidental or systemic events – such as cloud disruptions and cascading software failures – pose challenges due to limited modeling capabilities.
What are your thoughts on this story? Please feel free to share your comments below.
