More Frequent Cyber-Related Losses Expected over Next 12 Months


September 20, 2018


According to findings from Willis Re in its annual Silent Cyber Risk Outlook global survey,1 around half of insurance industry practitioners see the risk of "silent cyber" exposure—potential cyber-related losses due to silent coverage from insurance policies not specifically designed to cover cyber risk—as growing over the coming year.

Around half of respondents felt that the risk of a silent cyber loss from property or other liability was greater than 1 in 100 while close to a quarter considered the risk to be greater than 1 in 10, illustrating the degree of uncertainty surrounding potential exposure, Willis Re said of the results.

Large cyber attacks, like WannaCry or NotPetya, are expected to be more frequent, with over 60 percent of respondents stating they anticipate these occurring at least once every 5 years, said Willis Re.

Anthony Dagostino, global head of Cyber Risk Solutions, Willis Towers Watson, said, "The insurance market considers 'silent cyber,' or cyber-related losses under policies where cyber risk isn't specifically included, to be a far greater risk than ever before.

"The 2017 WannaCry and NotPetya attacks highlighted this risk and potential damage across all business areas—causing significant concern around silent cyber. This increased risk perception has highlighted the need for specific cyber coverage, but competitive market conditions are limiting the scope for coverage or pricing adjustments to be made in other lines of business."

Willis Re said examples of silent cyber exposure include a cyber attack on an industrial plant's control system causing a boiler explosion, leading to extensive property damage and business interruption, or malware causing an elevator to fail, resulting in multiple casualties.

While a policy payout will depend on the specifics of individual wordings and occurrences, such examples illustrate how silent cyber events can push up loss ratios on policies not specifically meant to cover cyber risk, according to Willis Re.

Mr. Dagostino said, "Buyers of insurance have to consider the exposure that they have in relation to the rising prominence of cyber-related incidents. The results of the survey have reinforced the need for a holistic cyber-risk insurance strategy and tailored insurance policies to address the risk adequately."

The results of the survey varied by industry group, said Willis Re. Information technology, utilities, telecommunications, and financial services were seen as higher risk, perhaps reflecting perceived threats to utility infrastructure. Interestingly, Willis Re observed, although some of the most well-known silent cyber property losses to date have occurred in industrial settings, respondents did not foresee especially high risk for the construction, engineering and industrial, manufacturing, and natural resources groupings. These groupings were also seen as relatively low risk for other liability losses, perhaps indicating that, because these industries accumulate less personal data from the public, they are seen as less exposed to other liabilities.


  1. Close to 700 participants from over 100 insurance and reinsurance companies were surveyed globally across 5 business lines, including first-party property, other liability (including auto), workers compensation, errors and omissions (E&O), and directors and officers (D&O).
