With some of the largest cyber-attacks occurring in recent years — from 2010 to 2019 — we are only beginning to understand the full extent of cyber risk. As businesses grapple with the risks of cyber-incidents and their imperfect ability to prevent them, attention has shifted towards risk management and insurance. While there have been efforts to understand the costs of cyber-attacks, the systemic risk — a result of risks spreading across interdependent systems — associated with cyber-attacks remains a critical and problem in need of further study. We contribute a theoretical framework that describes systemic cyber risk as the result of cascading, common cause, or independent failures following a cyber incident. We construct a quantitative model of cascading failures to estimate the potential economic damage associated with a given cyber incident. We present an interdisciplinary approach for extending standard sector-level input-output analyses to the cyber domain, which has not been done. We estimate the aggregate losses associated with firm-level incidents, a contribution to risk analysis and computational economic modeling. We use this model to estimate the impact of potential cyber incidents and compare model results to a case with known damages. Finally, we use the model of systemic cyber risk to consider the implications on the growing cyber insurance market and the need for broader cyber policy.