Both commercial and personal lines insurers are facing growing ‘silent cyber’ exposure and must consider risk mitigation strategies, according to Willis Re, which is calling for the development of a “viable” cyber reinsurance market.
“Silent cyber is embedded cyber coverage that is in non-specific cyber policies – so traditional insurance policies where insurers may not have contemplated the cyber element of exposure and therefore may not have quantified it,” Mark Synnott, global cyber practice leader at Willis Re, told Insurance Business.
In an increasingly digitised world, with a “dramatic increase” of connected devices expected in the next few years, as well as continued growth in cloud provision for data, insurers in all sectors are facing growing exposures.
“We’ve had enquiries from insurers of personal lines who are concerned about silent cyber and are trying to quantify what their downside potential might be. Handheld devices and other connected devices are just as likely to impact personal lines insurers than they are commercial lines insurers,” Synnott explained. “Our perception is that it’s a broad industry phenomenon, rather than focusing on any one sector of the industry.”
But insurers are struggling to quantify their levels of exposure, because there is no clear mechanism for assessing it.
“Most insurers that we know of are trying to assess their exposure by constructing scenarios of worst case outcomes, or what the Lloyd’s market terms realistic disaster scenarios,” Synnott said, adding estimates among insurers can differ widely.
“Some insurance policies contain cyber exclusions, some do not, and it’s very difficult to determine how the courts might adjudicate the application of any cyber exclusions that might be in an insurance policy. It’s a confused landscape, and it’s a difficult task, but the only mechanism at the moment is the construction of these disaster scenarios and trying to then put your best guess as to how bad your loss might be,” the cyber leader explained.
Once insurers have conducted their internal assessments, they should be looking at risk mitigation strategies, with reinsurance at the top of the list.
“We are looking to encourage the reinsurance market to extend the level of coverage it’s prepared to offer, so that we can generate a viable and competitive reinsurance market so that in the same way that insurers transfer property risks into the property catastrophe reinsurance market, we hope that they will be able to transfer their cyber risks, including silent cyber risks, into the cyber reinsurance market place,” commented Synnott.
As the exposure continues to grow, external stakeholders are likely to start paying notice too.
“The modelling companies are all trying to help their insurance clients assess what their downside potential might be, to both silent cyber as well as overt cyber. When they are able to quantify that exposure, I suspect that the ratings agencies and regulators will pay even greater attention and require insurers to take risk mitigation steps,” Synnott said, pointing to the UK regulator as having already “made noise” on the issue.
“It will be a growing issue,” he concluded. “I suspect it’s going to get increasing levels of attention.”
Related stories:
Willis Re highlights rise of silent cyber exposure
Huge Equifax breach exposes data of up to 143 million