The Silent cyber risk outlook report highlights the key findings from the study, in which practitioners were asked to evaluate the extent to which, over the next 12 months, the cyber aspect of exposure would increase the likelihood of a covered loss.
Examples of silent cyber exposure could include a cyber attack on an industrial plant's control system causing a boiler explosion, leading to extensive property damage and business interruption, or malware causing an elevator to fail, resulting in multiple casualties
While a policy payout will depend on the specifics of individual wordings and occurrences, such examples illustrate how silent cyber events can push up loss ratios on policies not specifically meant to cover cyber risk.
"Buyers of insurance have to consider the exposure they have in relation to the rising prominence of cyber-related incidents. The results of the survey have reinforced the need for a holistic cyber risk insurance strategy and tailored insurance policies to address the risk adequately", Anthony DAGOSTINO, Head of Global Cyber Risk, WILLIS Towers Watson, said.
The results of the study were different depending of the industry group: IT/utilities/telecoms and financial services were seen as higher risk, perhaps reflecting perceived threats to utility infrastructure. Although some of the most well-known silent cyber property losses to date have occurred in industrial settings, respondents did not foresee especially high risk for the construction, engineering and industrial, manufacturing and natural resources groupings, which were also seen as relatively low risk for other liability losses.