In the United States, the period from 1994 – 2000 is often referred to as the ‘dot-com bubble,’ a time where the country experienced a massive amount of internet adoption. As part of this bubble, many of these dot-com companies and their investors implemented a ‘growth over profits’ mentality. This mentality not only occurred in investments, but also in the way these dot-com companies advertised and promoted themselves in an effort to build market shares as quickly as possible, whatever the cost. The United States also saw the evolution of another market sector – cyber liability insurance. In response to the dot-com bubble in the 1990s, cyber liability insurance gained popularity as a layer of protection for these new companies against unauthorized system access, computer viruses and data loss. Back then, companies had it easy compared to the cybercrime and data breaches that organizations deal with today. As we’ve seen with the evolution of cyber risks, cyber liability too has a seen a variety of changes in the first 20+ years of its inception.
In the Beginning
In the 1990s, the earliest form of cyber liability insurance generally included polices that covered online media or errors in data processing. During this time, policies typically excluded first-party coverage and had exemptions for rogue employees, regulatory claims, and fines and penalties. As these policies further evolved into the 2000s, policies started to cover unauthorized access, network security, data loss and virus-related claims. In addition, insurers updated policies to include first-party coverage that extended to cyber business interruption, extortion and network asset damage.
In 2003, California enacted the Security Breach and Information Act. This law required that a California business or state agency had to notify any resident whose unencrypted personal information had been accessed or acquired by an unauthorized person. Following suit, many other states passed similar laws, causing a domino effect for cyber insurance companies. It now became standard for insurers to offer first-party coverages for IT forensics and information security, public relations, credit monitoring and customer notifications, as well as third-party coverages for regulatory defense, fines and penalties.
Cyber Liability Insurance Today
In the past few years, we’ve seen a massive increase in cyber attacks due to social engineering, ransomware and malware. As more and more businesses become heavily reliant on technology, these attacks continue to evolve. Because of these exposures, cyber liability insurance companies are being forced to develop new policies that are broad enough to cover a variety of attacks while providing certain protections against business interruption risks rather than just data breach exposure. While there are positives to having these broad, all-encompassing solutions, there is a negative side including the confusing language and explanations to clients about the numerous exposure points that may or may not be covered. Check out our previous blog titled “5 Flaws We’ve Seen in Cyber Insurance Policies” where we discuss these issues more in-depth.
While there is still a lot of work to do, cyber liability insurance has come a long way since the 1990s. If you need help navigating cyber policy language or seeing what coverages might best benefit you, contact a Colony West representative today!