The insurance sector is considerably less concerned about silent cyber exposures than it was in 2018, according to 2019 Silent Cyber Risk Outlook, the annual global survey published this week by ICMIF member Willis Re, the reinsurance division of Willis Towers Watson. The finding applies to all commercial lines of business and industry groups, says the report.
The survey measures the expectation of more than 600 insurance professionals (including a cross section from claims, underwriting, legal, broking, and analytics) that cyber exposures will increase the likelihood of a covered claim over the next 12 months under insurance policies not specifically designed to cover cyber risk. The significant fall in silent-cyber claims expectations among respondents, says Willis Re, could result from an absence of wide-scale cyber events in the 12 months prior to the survey, in contrast to 2018, when the NotPetya and WannaCry malware events remained fresh in the collective memory.
In property, the report says, the number of respondents expecting more than one new cyber claim for every 100 non-cyber claims decreased by 26 percentage points since 2018. Notably, other liability as a class is now broadly perceived as more vulnerable to cyber risk than property. There too the expectation of new claims has declined, although unlike property it remains higher than in 2017, when the survey was first conducted. This may result from highly publicised data-breach losses throughout the period, which may be perceived to lead to third-party claims.
According to the report, interestingly, the one exception to the reduction in silent cyber claims expectations is a the most extreme end of the expectation spectrum where the number of respondents who expect one new cyber claim for every new non-cyber claim increased in every line between 2018 and 2019. Although the numbers are small, the most sizable rise was in property, where the percentage of respondents with this claims expectation increased from 1% to 1.9%.
On a more general level, notes Willis Re, commercial account size plays a noticeable role: respondents are more likely to expect more cyber-related claims when accounts are large, and to expect a decline when they are small.
In personal lines, cyber-related claims expectations are seen as lower than all commercial lines other than workers compensation. The survey did not cover personal lines last year but this year’s edition notes that there has been an uptick in claims expectations since 2017, perhaps reflecting the increasing levels of technology now in use in homes and vehicles.
Perceived cyber risk by industry group* is similarly lower across the board, says the report. For property in 2018, for example, more than half of respondents thought the cyber risk factor was more than 1:10 in all industry groups. In 2019, no industry group exceeded that threshold. On a relative basis, however, there has been little change. IT/Utilities/Telecoms is still perceived as the most vulnerable industry group in property and other liability and the same goes for Financial Services in D&O and E&O.
Mark Synnott, Global Cyber Practice Leader, Willis Re, said: “Multiple factors may be at play in these findings. While it is likely that publicity surrounding cyber loss events has had a good deal of impact on the findings, I expect that insurers’ efforts to manage their non-affirmative cyber exposures, particularly in property lines, are responsible for some of the increased comfort they feel. In the face of regulatory and boardroom pressure, many insurers have taken steps to mitigate their silent-cyber exposure. A number of tools now exist for insurers to measure and quantify this changing risk, such as Willis Re’s PRISM-Re cyber model.”
Peter Foster, Chairman, Global FINEX Cyber and Cyber Risk Solutions, Willis Towers Watson, said: “The cyber market is evolving with the peril. These findings show that, even as demand for cyber coverage continues to increase, especially in territories like the U.S. and the U.K., insurers and others in our industry are making progress in gaining control over silent-cyber exposures. It will be interesting to see if 2018 marked the high-point of concern, or if other factors such as future high-profile loss events again change the direction of silent-cyber claims expectations in 2020.”
The complete report is available for download.
Established in 2017, Willis Re’s Silent Cyber Risk Outlook survey runs annually to monitor the insurance industry’s perception of silent cyber risk.
*Industry groups surveyed include construction/engineering/real estate, transportation/shipping, hospitals/medical facilities/life sciences, public sector/universities/educational institutions, IT/Utilities/telecom, industrial/manufacturing/natural resources/energy, financial services, retail/hospitality, commercial and professional services.