The insurance sector is considerably less concerned about silent cyber exposures than it was in 2018, according to a new report by broker Willis Towers Watson (WTW).

The finding applies to all commercial lines of business and industry groups, according to the 2019 Silent Cyber Risk Outlook the annual global survey by Willis Re, the reinsurance division of Willis Towers Watson.

The survey measures the expectation of more than 600 insurance professionals (including a cross section from claims, underwriting, legal, broking, and analytics) that cyber exposures will increase the likelihood of a covered claim over the next 12 months under insurance policies not specifically designed to cover cyber risk. The significant fall in silent-cyber claims expectations among respondents could result from an absence of wide-scale cyber events in the 12 months prior to the survey, in contrast to 2018, when the NotPetya and WannaCry malware events remained fresh in the collective memory.

In property, the number of respondents expecting more than one new cyber claim for every 100 non-cyber claims decreased by 26 percentage points since 2018. Notably, other liability as a class is now broadly perceived as more vulnerable to cyber risk than property. There too the expectation of new claims has declined, although unlike property it remains higher than in 2017, when the survey was first conducted. This may result from highly publicised data-breach losses throughout the period, which may be perceived to lead to third-party claims.

The one exception to the reduction in silent cyber claims expectations is a the most extreme end of the expectation spectrum where the number of respondents who expect one new cyber claim for every new non-cyber claim increased in every line between 2018 and 2019. Although the numbers are small, the most sizable rise was in property, where the percentage of respondents with this claims expectation increased from 1% to 1.9%.

On a more general level, commercial account size plays a noticeable role: respondents are more likely to expect more cyber-related claims when accounts are large, and to expect a decline when they are small.

In personal lines, cyber-related claims expectations are seen as lower than all commercial lines other than workers compensation.  The survey did not cover personal lines last year but there has been an uptick in claims expectations since 2017, perhaps reflecting the increasing levels of technology now in use in homes and vehicles.

Perceived cyber risk by industry group* is similarly lower across the board. For property in 2018, for example, more than half of respondents thought the cyber risk factor was more than 1:10 in all industry groups. In 2019, no industry group exceeded that threshold.  On a relative basis, however, there has been little change.  IT/Utilities/Telecoms is still perceived as the most vulnerable industry group in property and other liability and the same goes for Financial Services in D&O and E&O. 

Mark Synnott, Global Cyber Practice Leader, Willis Re, said: “Multiple factors may be at play in these findings. While it is likely that publicity surrounding cyber loss events has had a good deal of impact on the findings, I expect that insurers’ efforts to manage their non-affirmative cyber exposures, particularly in property lines, are responsible for some of the increased comfort they feel. In the face of regulatory and boardroom pressure, many insurers have taken steps to mitigate their silent-cyber exposure.”