When you look at the history of cyber liability insurance, you must start with the growth of the technology and online world. The period between 1994 – 2000 is widely known as the “dot.com bubble.” It was a time when many companies adopted an internet presence. It was a period of massive growth, with many companies placing profits secondary to growth. The result was a massive amount of dot.com companies that were trading on the stock market with huge valuations but little by way of profits.
Not only did this lead to a massive bubble burst in 2001, but it led to the advent of nefarious parties trying to access data. Unauthorized computer access was far less savvy back then as it is today. Still, companies started to look for ways to insure against the risk. It was during this period of growth that companies started using cyber liability insurance. Since its start, the cyber liability sector has grown in complexity. Cyber liability insurance is a massive sector in the insurance industry, helping companies protect against all sorts of cyber risks.
What Is Cyber Liability Insurance?
Cyber liability insurance is a specialized type of liability insurance that companies can buy to pay for losses associated with cybercrime. Crimes include ransomware, malware, database breaches, and other acts. What it pays for includes the costs associated with data restoration, extortion from ransomware, legal fees, and regulatory fines. It has both first-party and third-party coverage.
First-party coverage pays for your direct costs associated with the loss. This coverage includes the actual costs to restore your data or website, regulatory fines, and ransoms. It also pays for public relations campaigns to offer goodwill marketing. Third-party coverage pays for the costs that your customers bear in the event of a cyber attack. These costs include credit monitoring and restoration. They also include any settlements that your company needs to pay, along with applicable attorney’s fees.
The Cyber Liability Insurance Starting Point
The first cyber liability insurance policies started in the 1990s. Insurance companies designed these policies to cover online media or errors in data processing. They focused on third-party coverage, excluding first-party coverage. There were many exceptions to coverage as well that included exemptions for rogue employees, and payment of regulatory claims, fines, and penalties.
The policies matured as the decade rolled on into the 2000s. The new breed of cyber liability policies now covered claims for unauthorized access, network security, data loss, and virus issues. This significantly broadened how cyber liability policies worked for companies. On top of that, policies began to include first-party coverage. This meant that companies could get coverage for business interruption, ransoms and extortion, and network asset damage.
The Passing of Consumer Protection Acts
California was the first to pass a consumer protection act, the Security Breach and Information Act. This was passed in 2003 and mandated that California businesses or any state agency were required to notify consumers if their encrypted, personal or private information had been breached. In other words, organizations must disclose the breach if someone accessed their records who shouldn’t have had access. This was the first, with many states following suit with laws doing the same or similar.
The result of these new laws was that cyber liability insurance companies needed to adapt to the change. Insurers began offering first-party coverage. The cyber liability coverage now included coverage for IT forensic analysis, data security, PR required after a breach, credit monitoring for affected consumers, and the cost of customer notifications. When it came to third-party coverage, there was coverage for fines, penalties, and regulatory defense cases.
Cyber Liability Insurance Demands Today
Today’s criminals work tirelessly to access official company sites. There is an increase in cyber threats that include social engineering, ransomware, and malware. The risk only increases as businesses become more reliant on cloud technology. Ultimately, the attacks continue to evolve; just as one security patch for malware gets added, experts discover a new malware threat. It’s a constant effort to prevent hacks and breaches.
Any business that has a presence online and conducts business using the web or cloud needs to protect itself with a cyber liability policy. Without one, the business would be on the hook for the massive costs of fixing breached systems, notifying and offering credit monitoring to customers, and dealing with the regulatory fines associated with a breach.
The Growing Need for Cyber Liability Insurance
It seems even large companies with unlimited resources can be the target of cyber crimes. In the 2010s, more and more carriers started offering cyber liability insurance as a stand-alone product. This occurred as more and more retailers suffered attacks.
In fact, 2014 is known as “The Year of the Retail Breach,” with many major consumer outlets getting attached and their security walls breached. The retailers included:
- Target
- Neiman Marcus
- White Lodging
- Michael’s
- P.F. Chang’s
- Albertsons
- Dairy Queen
- UPS
- Home Depot
- Jimmy John’s
- Staples
It seemed that no retailer was immune to attack. And these were companies with devoted security teams that didn’t have a solution to massive breaches. The little company with limited resources was also extremely vulnerable.
Cyber attacks shifted in 2015 to healthcare. Experts refer to this as “The Year of the Healthcare Breach,” with major companies like Excellus BlueCross BlueShield, Primera Blue Cross, OPM, and Anthem being the targets of breaches and massive headlines for the data breaches.
The Cost of Cyber Liability Attacks
In 2019, attacks continued to rise. The cost of the losses was in the billions, with more than 4.1 billion records breached and exposed in the year. Companies must devote more resources to planning against these attacks and be vigilant that employees follow the safest cyber protocols when handling consumer personal and private information.
In 2020, cyberattacks were the fifth biggest risk for private and public sectors. The pandemic only added to the problem. According to Deloitte, during the time of lockdown, there were:
- Detection delays and responses to cyber attacks
- An increase in information and security gaps
- More cyber criminals are seeking information or doing damage
- Remote work security risks
In fact, cyberattacks have increased by 300% since the pandemic started. The average cost of a data breach was $8.64 million. These are not small sums of money that a company must deal with.
The Future of Cyber Liability Insurance
Cyber liability insurance has become a necessity for companies. Fortunately for companies, insurance carriers have refined cyber insurance policies to meet the demands of the new market. Today, these policies cover more than they ever have and are an important loss recovery tool for companies that experience a breach.
Finding a policy that meets your budget can be challenging. Most small businesses can expect to pay anywhere from $900 to $1,500 per year for coverage. An insurance carrier will have its own underwriting guidelines, which makes the application process vary widely. Some carriers only ask five to ten questions, while others have an extensive questionnaire consisting of more than 100 questions.
One thing is for certain, most insurance carriers offering cyber liability insurance are aggressively marketing the product to businesses of all sizes. The market is open for all companies to get the coverage needed that protects their business from online cyber risks.