Cyber liability insurance is a very interesting type of risk coverage. It’s a little bit different than other lines of insurance. In this article, we’ll take a look at the current cyber insurance market, how it changes week to week, and the history of cyber insurance.
History of cyber liability insurance
Cyber liability insurance was first launched in the 1990s. Originally, cyber insurance was to cover the “.com” companies because those companies were very vulnerable to things like the destruction of data, hacking, changing code, and even computer viruses. Then, in the early 2000s, some states like California passed laws that stated if a company’s customer data is breached, the company is required to notify the customer.
So let’s say you’re a major bank and somebody hacks your system and downloads all your customer’s information. Names addresses, phone numbers, social security numbers, driver’s licenses, etc. Now you have to notify all those consumers and you may have some liability. You may have some costs to give them for credit protection or to pay fees. Since that happened in the early 2000s, now cyber liability insurance has morphed into something that is data protection and coverage for those losses. This is the biggest priority for cyber liability insurance, even 20 years later. There have been more data protection laws, but now you also have ransomware where hackers know that these laws are in place. They’ll hack your system, get your customer data, and they’ll tell you if you don’t pay us a ransom we’ll release it or we’ll delete it from your system.
Cyber insurance today
Cyber insurance is different from other types of insurance like fire insurance or GL general liability insurance because it hasn’t been around as long. Fire insurance has been around for a hundred years, general liability insurance has been around for decades, but cyber liability insurance has only been around for maybe 20-30 years depending on how you calculate it. And there’s a lack of historical data so predicting the cost of the losses is difficult for insurance companies. So, therefore, coming up with the rates is also difficult. Making it more challenging, even if you knew exactly what the losses were for the last two years it changes, this year and next year will have different types of losses because hackers and cyber protection is morphing every year into different types of risk and losses.
As an example, the exfiltration of data is now becoming more popular than just hacking and ransomware. Even as recently as three years ago in 2019, cyber insurance had to scramble quickly to cover the reality of ransomware attacks. This was a variation of a version of malware that was different than just scrambling systems. It used to be that black hat hackers would go in and lock down a system or erase a system just for fun. Now they lock people out from their company’s records until they pay a ransom. And usually, they get the ransom in some type of digital currency so that way they’re not trackable as a hacker. What this did was it raised the rates for cyber liability insurance at first because it was happening, but smart cyber companies realize that they can mitigate these risks by requiring their insureds to have certain types of protections. They put that into their underwriting.
So if you’re applying for a cyber policy, they’re going to ask you what are your policies for cyber defense. Do you have two-factor authentication? Do you have proper password management? And firewalls within your data? If you have that you may be able to get more reasonable coverage and more reasonable premiums. In reality, insurance companies don’t want claims any more than you do so they’re going to help you as an insured reduce the frequency and severity of cyber attacks. They’re going to do that by sharing the data from other insureds to help you put policies in place in your company to keep you from having a claim in the first place. Two-factor authentication is one of those things. Another one is called endpoint detection or EDR. And this is a tool that will detect and block malware before it gets into a network. It’s a way of matching and verifying data coming into your network. Also with exfiltration, there’s the monitoring of large volumes of data coming offloaded from your system. The fact that these insurance companies have seen even 10 or 15 years, they have this loss data and they can use this to help prevent future losses where you as a company never have seen a cyber loss. The insurance company knows what’s out there and they can help you prevent it. And by putting those policies in place, you can prevent a loss in the first place and maybe even get better rates.
The other thing to look at is that the losses are coming not necessarily from accidents. If you have a fire in your building or you have some type of damage, those are usually accidents. The problem with hacking is hackers are doing this on purpose. They have monetized cybercrime and it makes them a lot of money. And they’re innovative. They change to adapt to prevention and defense against threats. A good insurance company will help you see that and put things in place and maybe even quarterly or semi-annually tell you about the new preventative measures you can put in place and sometimes even require them as a prerequisite for keeping coverage.
The bottom line is that cyber losses and cyber risks are not going away. Everything is going more digital and the digital economy is expanding. So there’s going to be more vulnerabilities not less. But there’ll also be more technologies to defend against it as the cyber defense and cyber insurance markets start to come together and help companies prevent having a loss because look your worst day is going to be when you have a loss even if you have insurance for it, you’re still going to be faced with a very challenging workflow for that day week month even for several months, the fact that there’s $10 billion in premiums for cyber insurance written in the last 24 months the last 12 months is a big deal. They’re estimating that not too long in the future there might be $50 billion in premiums written within the decade. So if you have questions about cyber insurance, you can check out our website. We’re glad to be of assistance but remember to get with a good insurance agent or broker in your area that covers your business to get good coverage that matches exactly what you want.