Read the full report here
The respondents, a cross-section of the risk management, claims, underwriting, legal, broking, and analytics communities of 56 countries, believe the cause of losses will be divided almost evenly between data breach, ransomware, and business interruption. About 32% of respondents believe BI is the most likely source of loss, up from just 10% before the pandemic, as awareness of the coverage class has soared during the COVID-19 crisis. Data breach fell as the anticipated leading cause of loss, from 53% to 33% of respondents.
The forecast rise in post-COVID-19 losses may be a result of the sudden, wide-scale transition to remote working, since the shift has increased the cyber vulnerability of many businesses. Views on the perceived increase in frequency vary little by geography, but 68% of Asia-Pacific respondents predict a rise in severity, compared to only 37% of European risk specialists.
Expectation of a catastrophic cyber event leading to claims of $10 billion or more has increased since the pandemic. Before COVID-19, only 13% of respondents stated such an event was "likely" during the next five years. Today a third of respondents believe a $10 billion+ loss event is at least a five-year event. The concern is greatest in Asia-Pacific, where half of respondents see this potential frequency for cyber catastrophes.
Mark Synnott, Global Cyber Practice Leader, Willis Re, said:
"This year's survey shows quite clearly that risk professionals around the world believe that the pandemic has increased cyber risk, in some cases dramatically. They expect the insurance industry to respond, but unfortunately not in the way we might hope. While three quarters of the people we surveyed think demand for cyber cover will increase post-COVID-19, only 45% think supply will increase, which perhaps explains why three-quarters think the cost of cover will rise. The insurance industry has some work to do to ensure these expectations are not met!"
Established in 2017, Willis Re's Cyber Risk Outlook survey runs annually to monitor the insurance industry's perception of silent cyber risk.