Around half of industry practitioners see the risk of silent cyber exposure – potential cyber-related losses due to silent coverage from insurance policies not specifically designed to cover cyber risk – as growing over the coming year, according to Willis Re.
Silent cyber exposure
In the Willis Re survey, respondents were asked to assess the extent to which, over the next 12 months, the cyber aspect of exposure would increase the likelihood of a covered loss.
Around half of respondents felt that the risk of a silent cyber loss from property or other liability was greater than 1 in100 while close to a quarter considered the risk to be greater than 1 in10, illustrating the degree of uncertainty surrounding potential exposure.
Examples of silent cyber exposure could include a cyber-attack on an industrial plant’s control system causing a boiler explosion, leading to extensive property damage and business interruption, or malware causing an elevator to fail, resulting in multiple casualties.
While a policy pay-out will depend on the specifics of individual wordings and occurrences, such examples illustrate how silent cyber events can push up loss rations on policies not specifically meant to cover cyber risk.
Degree of concern
Anthony Dagostino, Head of Global Cyber Risk, Willis Towers Watson, said: “Buyers of insurance have to consider the exposure that they have in relation to the rising prominence of cyber-related incidents. The results of the survey have reinforced the need for a holistic cyber risk insurance strategy and tailored insurance policies to address the risk adequately.
Mark Synnott, Global Cyber Practice Leader, Willis Re, added: “The degree of concern over silent cyber exposure has confirmed the importance of the existing support we are giving to clients to help them better manage their known and unknown cyber exposures.”
The results of the survey varied by industry group: IT/Utilities/Telecom and Financial Services were seen as higher risk, perhaps reflecting perceived threats to utility infrastructure.
Interestingly however, although some of the most well-known silent cyber property losses to date have occurred in industrial settings, respondents did not foresee especially high risk for the Construction, Engineering and Industrial, Manufacturing and Natural Resources groupings which were also seen as relatively low risk for other liability losses, perhaps indicating that as these industries accumulate less personal data from the public, they are therefore as less exposed to other liabilities.