Insurance Sector Less Concerned about Silent Cyber Claims

According to Willis Re's latest annual global survey, titled 2019 Silent Cyber Risk Outlook, the insurance sector is considerably less concerned about silent cyber exposures than it was in 2018. The finding applies to all commercial lines of business and industry groups.

The survey measured the expectation of more than 600 insurance professionals (including a cross section from claims, underwriting, legal, broking, and analytics) that cyber exposures will increase the likelihood of a covered claim over the next 12 months under insurance policies not specifically designed to cover cyber risk. 

The significant fall in silent cyber claims expectations among respondents could result from an absence of wide-scale cyber events in the 12 months prior to the survey, in contrast to 2018, when the NotPetya and WannaCry malware events remained fresh in the collective memory, said Willis Re.

In property, the number of respondents expecting more than one new cyber claim for every 100 noncyber claims decreased by 26 percentage points since 2018. Notably, other liability as a class is now broadly perceived as more vulnerable to cyber risk than property. There too, the expectation of new claims has declined, although, unlike property, it remains higher than in 2017, when the survey was first conducted. This may result from highly publicized data-breach losses throughout the period, which may be perceived to lead to third-party claims, Willis Re said.

Interestingly, the one exception to the reduction in silent cyber claims expectations is at the most extreme end of the expectation spectrum where the number of respondents who expect one new cyber claim for every new noncyber claim increased in every line between 2018 and 2019. Although the numbers are small, the most sizable rise was in property, where the percentage of respondents with this claims expectation increased from 1 percent to 1.9 percent. 

On a more general level, commercial account size plays a noticeable role: respondents are more likely to expect more cyber-related claims when accounts are large and to expect a decline when they are small.

Perceived cyber risk by industry group is similarly lower across the board. For property in 2018, for example, more than half of respondents thought the cyber risk factor was more than 1:10 in all industry groups. In 2019, no industry group exceeded that threshold. On a relative basis, however, there has been little change. Information technology/utilities/telecommunications is still perceived as the most vulnerable industry group in property and other liability, and the same goes for financial services in directors and officers and errors and omissions. 

Mark Synnott, global cyber practice leader, Willis Re, said, "Multiple factors may be at play in these findings. While it is likely that publicity surrounding cyber loss events has had a good deal of impact on the findings, I expect that insurers' efforts to manage their nonaffirmative cyber exposures, particularly in property lines, are responsible for some of the increased comfort they feel. In the face of regulatory and boardroom pressure, many insurers have taken steps to mitigate their silent cyber exposure. A number of tools now exist for insurers to measure and quantify this changing risk."

Peter Foster, chairman, global FINEX cyber and cyber risk solutions, Willis Towers Watson, said, "The cyber market is evolving with the peril. These findings show that even as demand for cyber coverage continues to increase, especially in territories like the United States and the United Kingdom, insurers and others in our industry are making progress in gaining control over silent cyber exposures. It will be interesting to see if 2018 marked the high point of concern, or if other factors such as future high-profile loss events again change the direction of silent cyber claims expectations in 2020."