The average of $53bn is on par with the cost of a natural disaster such as US Superstorm Sandy in 2012, while the $120bn "extreme" figure is as much as 0.2% of global GDP, or as much as 2005's Hurricane Katrina.
The costs factored in included money spent repairing the affected computers as well as money lost due to the disruption a cyber attack causes to business processes, Reuters reported. If a major cloud service was disrupted, the losses could range from $4.6bn for a large event to $53.1bn for an extreme event, it said.
The report by Lloyd's of London, released yesterday and co-written with risk-modelling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems worldwide.
The report's hypothetical cloud service provider attack involves hackers injecting malicious code designed to trigger crashes on victim systems a year later.
The report's authors said businesses need to be aware of the "slow burn" costs of a cyber security incident, which can "dramatically increase" the final bill over time.
According to the report, average insurance industry losses from the cloud service provider hack scenario range from as low as $620 million for a large loss to as high as $8.1 billion for an extreme event.
"We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence", continued Beale.
According to Lloyd's, cyber insurance cover is harder to model and understand than natural catastrophe cover.
The insurance gap could be as high as $26bn for the mass vulnerability scenario - meaning that just 7% of economic losses are covered.
The report comes as insurance firms attempt to grasp the potential damages of a cyber-related attack.
Lloyd's accounts for about one-quarter of the emerging area of cyber insurance and says risks are harder to model than natural disasters due to the human element, which means underlying assumptions can change quickly.
Talking of the challenges cyber-risk modeling presents, Cyence said: "The world's companies are increasingly realising that cybersecurity is not just a technical problem but a business risk".