Cyber Insurance Blog

The History of Cyber Insurance

The History of Cyber Insurance

As technology and the internet evolved in the late 1990s, technology-related risks also expanded. More and more organizations were conducting their business online, so internet hackers began to look for ways to benefit financially from this new online world. The first cyber insurance policies were written to mitigate these emerging risks, focusing on online content or software. This marked the start of the history of cyber security insurance.

 Employee makes emergency call regarding a data breach.

The definition of cyber insurance lies in what it aims to protect, as it is designed to safeguard companies from the damage posed by evolving cyber security threats. Over the years, the technology and accompanying policies have grown extensively into a vibrant and volatile cyber insurance market. Today, internet-based technology is involved in nearly every aspect of life, from health care to home security. With that, the top cyber insurance companies have had to advance rapidly to keep up with ongoing threats.

How Cyber Insurance Evolved Over the Years

In the United States, the cyber security insurance policies of the 1990s covered online media, while others were errors in data processing (EDP) policies. An early cyber liability insurance policy’s coverages generally evolved from professional liability policies for software and media risks.

In the early 2000s, online media policies started to cover unauthorized access, network security, data loss, and computer worm or computer virus-related claims. Similar to most professional liability policies, a cyber insurance policy generally had many exclusions, including:

  • Rogue Employees
  • Wild Viruses
  • Regulatory Claims
  • Fines and Penalties
  • Dependant Business Interruption
  • Property Damage

In addition, writing a cyber risk insurance policy usually did not include both first-party and third-party coverage. It wasn’t until the mid-2000s that these policies evolved in response to cyber threats to include some first-party coverages to protect the organization itself and potential intellectual property. Updated policies began to cover things like:

  • Cyber Business Interruption Coverage
  • Cyber Extortion
  • Network Asset Damage

At the same time, some software-related policies started to evolve, adding sub-limits for HIPAA liability-related software errors.

During this period in the history of cyber insurance, the 2003 California Security Breach and Information Act came into effect. This greatly affected both exposure and insurance. Companies or organizations that were conducting business in the state now had to provide notifications to any affected residents of a personal data breach by an unauthorized party.


Before you continue reading, follow us on LinkedIn so you don’t miss any important cyber updates:

Following California’s lead, many other states passed similar laws. This had profound effects on the private sector. Cyber insurance companies quickly adapted, offering new first-party coverages such as IT forensics and information security, public relations, credit monitoring, and customer notification. New third-party coverages were also introduced for regulatory defense as well as fines and penalties that could be related to notifying the affected parties.

In the late 2000s, many coverages had only a small sublimit. This is because carriers and reinsurers were concerned about pricing for new exposures related to cyber risk. All of this made getting higher limits and placing excess exposures more difficult. The markets were simply not comfortable with other carriers’ forms, pricing, and sublimit structure.

High-Profile Data Breaches

In the 2010s, the number of carriers with stand-alone products grew to more than 50. Today, it is more than 100, and large claims and breaches have become more common. In fact, 2014 became known as “The Year of the Retail Breach,” with major cyber attacks on retailers including:

Company employees hold meeting discussing plans to improve data security.

  • Target
  • Neiman Marcus
  • White Lodging
  • Michael’s
  • P.F. Chang’s
  • Albertsons
  • Dairy Queen
  • UPS
  • Home Depot
  • Jimmy John’s
  • Staples

The following year, 2015, became “The Year of the Healthcare Breach,” with major health care providers affected, including:

  • Excellus BlueCross BlueShield
  • Premera Blue Cross
  • OPM
  • Anthem

Rather than slowing down, these attacks continue to increase, with more than 4.1 billion records exposed in the first half of 2019 alone. Many companies and organizations are increasing their cyber security budgets to prepare for future attacks.

Cyber attacks were the fifth biggest risk of 2020 in the global private and public sectors. Globally, the pandemic revealed the uncomfortable state of cyber security across businesses. In March 2020, Deloitte reported that the pandemic led to:

  • Delays in the detection and response to cyber attacks
  • Information and physical security gaps
  • Rapid increase in the number of cybercriminals
  • Remote work security risks

Since the start of the pandemic in 2020, cyberattacks have increased by 300%. In the United States, the average cost of a data breach was $8.64 million in 2020.

The pandemic necessitated increased remote work and interconnection across organizations, resulting in a slew of uncontrolled threats online. This unusual circumstance altered the cyber insurance market cycle and underlined the importance of comprehensive cyber risk coverage.

The frequency and severity of claims resulting from rampant ransomware attacks, data breaches, and money theft due to exploited business vulnerabilities became part of cyber insurance history. As a result of rising cyber attacks, cyber insurance has become one of the fastest-growing segments for U.S. property and casualty insurers.

In 2021, premium rates of the industry skyrocketed in response to the expansion of cyber claims and activities. The global cyber insurance market is forecasted to be a $20 billion industry by 2025.

Looking Toward the Future

As the cyber market has matured, insurers have refined their cyber insurance policies. The massive increase in cyber attacks due to ransomware, social engineering, and reliance of businesses on technology is forcing cyber liability insurance companies to develop all-encompassing policies that can cover a variety of attacks. In addition, most insurers now require multifactor authentication, data backup strategies, and access management tools that protect user credentials and valuable company data. A glimpse into the history of cyber insurance highlights the evolving and adaptive nature of the industry.

The industry is constantly shifting, and the range of pricing is wide since cyber risk insurance policies have to rapidly adapt to the market. In addition, cyber events are constantly evolving, so the risks that this type of insurance covers are forced to adapt. One carrier may offer a broad quote while another offers a more limited one at three to four times the premium. Furthermore, the carrier that aggressively quoted a risk last year could decline the risk later.

There are large differences between companies in terms of which cyber insurance markets are the best fit. The right fit with the top cyber insurance companies will vary not only by industry but also by size. For example, the markets that are most competitive for small retailers are not the best for larger retailers. The same applies to health care, professional service firms, and other industries.

The application process will also vary greatly by market and the size of the risk. Some applications have just five questions, while others have 100 and require a call with a third-party risk assessment firm. You will also see policies and add-on coverage that claim to be comprehensive but, in reality, cover very little.

For the foreseeable future, you can expect to notice more of the same. The norm in cyber insurance includes changing appetites and top cyber insurance companies leveraging underwriting technology and cyber insurance software. Expect to see a wide variety of forms, large differences in pricing, and new risk management services being added to policies.

Cyber insurance coverage cannot be ignored; in fact, it should be addressed with every client. It’s important to understand what to expect from top cyber insurance companies. Cyber insurance is a volatile market, so we recommend working with someone who has real expertise. They should be able to dissect differences in the forms and help you, as business owners, explain the coverage and exposure to your clients. They should also be able to make the distinction between general liability insurance and cyber liability coverage.

Ready to learn more? For both small businesses and large enterprises, having a cyber risk insurance policy is essential in the digital age. Check out our presentation on the history of cyber insurance.

For more information on cyber insurance and how to best protect your clients in this digital age, check out our FREE downloadable guide, The Six-Step Guide to Becoming Your Clients’ Cyber Expert.

Contact us to get started or call (484) 321-2335 to speak with a ProWriters expert today.

Subscribe to Our Monthly Newsletter!

    Comprehensive Cyber Risk Management Plan

    Your Guide to Cyber Security

    Download Now