The Silent cyber risk outlook report highlights the key findings from the survey, in which respondents were asked to assess the extent to which, over the next 12 months, the cyber aspect of exposure would increase the likelihood of a covered loss. Around half of respondents felt that the risk of a silent cyber loss from property or other liability was greater than 1 in100 while close to a quarter considered the risk to be greater than 1 in10, illustrating the degree of uncertainty surrounding potential exposure.
Examples of silent cyber exposure could include a cyber-attack on an industrial plant’s control system causing a boiler explosion, leading to extensive property damage and business interruption, or malware causing an elevator to fail, resulting in multiple casualties.
While a policy pay-out will depend on the specifics of individual wordings and occurrences, such examples illustrate how silent cyber events can push up loss rations on policies not specifically meant to cover cyber risk.
Anthony Dagostino, Head of Global Cyber Risk, Willis Towers Watson, said: “Buyers of insurance have to consider the exposure that they have in relation to the rising prominence of cyber-related incidents. The results of the survey have reinforced the need for a holistic cyber risk insurance strategy and tailored insurance policies to address the risk adequately.
Mark Synnott, Global Cyber Practice Leader, Willis Re, added: “The degree of concern over silent cyber exposure has confirmed the importance of the existing support we are giving to clients to help them better manage their known and unknown cyber exposures.
Over the last two years, our PRISM-Re modelling tool has allowed us to help underwriters and reinsurance buyers manage their entire cyber portfolio more effectively by identifying contagion risks, monitoring shifts in risk profiles and tracking their risk-adjusted pricing.
The results of our survey will help us calibrate PRISM-Re to accommodate silent as well as known cyber exposures.”
The results of the survey varied by industry group: IT/Utilities/Telecom and Financial Services were seen as higher risk, perhaps reflecting perceived threats to utility infrastructure. Interestingly however, although some of the most well-known silent cyber property losses to date have occurred in industrial settings, respondents did not foresee especially high risk for the Construction, Engineering and Industrial, Manufacturing and Natural Resources groupings which were also seen as relatively low risk for other liability losses, perhaps indicating that as these industries accumulate less personal data from the public, they are therefore as less exposed to other liabilities.
|
