April 3, 2020, updated 29 Jun 2020 4:46pm

Cyber Insurance: Timeline

By GlobalData Thematic Research

Cyber insurance is often seen as a new product that has been developed to protect businesses as their processes become increasingly digitised. However, variations of cyber cover were available towards the end of the 1990s. The combination of sudden and sustained growth in the number of businesses that require cyber insurance and heightened awareness about cyber-attacks has resulted in the development of standalone cyber insurance products that are far more complex.

Listed below are the major milestones in the cyber insurance industry, as identified by GlobalData.

1986 – The first Computer Fraud and Abuse Act was passed in the US.

1988 – The first worm was created and deployed, crippling 10% of computers on the ARPANET.

1990s – Cyber insurance as an add-on to existing liability covers is developed for companies operating in the TMT and professional services sectors.

1995 – The dot-com boom begins, fuelling considerable growth in the use of the internet, increasing global connectivity and in turn exposing more businesses to cyber risks.

2000 – Insurers begin to tighten up their cyber insurance policies to clarify the coverage offered. Many inserted specific exclusions into their policies.

2000 – The Council of Europe drafted a Cybercrime Treaty to promote the international harmonisation of laws against computer crimes.

2002 – A DDoS attack struck the 13 DNS root servers, knocking out all but five. This was the first attempt to disable the internet itself.

2003 – US regulators increasingly focus on the loss of personally identifiable information and its associated costs. The demand for cyber insurance increases across the market.

2008 – The National Cybersecurity Division of the US Department of Homeland Security released the Common Attack Pattern Enumeration and Classification resource, a publicly accessible taxonomy of attack patterns.

2008 – National Security Presidential Directive 54/Homeland Security Presidential Directive 23 formalised the Comprehensive National Cybersecurity Initiative, intended to establish a frontline defence against a full spectrum of cyber threats.

2010 – The increase in demand for cyber insurance products combined with the growing cyber risks faced by businesses leads to cyber insurance being increasingly sold as a standalone product.

2013 – US retailer Target suffered a data breach whereby the personal data of 40 million credit card customers was compromised.

2014 – Serious data breaches were suffered by Sony Pictures, JP Morgan, and Apple’s iCloud servers in China.

2015 – Serious data breaches were suffered by the US Office of Personnel Management, TalkTalk, and Ashley Madison.

2016 – A string of high-profile data breaches and the associated costs illustrate the need for cyber insurance regardless of the industry a business operates within, driving greater demand for cyber insurance products.

2016 – Yahoo revealed a 2014 breach of 500 million users’ personal details – the largest such breach in history.

2016 – The EU NIS Directive comes into force.

2016 – 12 Russian intelligence officers are charged with hacking Democratic officials in the 2016 US presidential elections.

2017 – Mondelez claims on its cyber insurance policy, underwritten by Zurich, for damages incurred as a result of the NotPetya attack. Zurich refuses to pay the claim, asserting that the attack was carried out by a foreign government and constituted cyberwarfare.

2017 – The NotPetya attack targets Ukraine but spreads worldwide, costing companies approximately $1.2bn. The UK and US blame the Russian military for carrying out the attack.

2018 – Hiscox launches CyberClear Academy to assist users worldwide.

2018 – GDPR comes into force, raising the profile of cyber insurance for businesses of all sizes.

2018 – BIBA launches a cyber insurance guide for brokers.

2018 – Chubb enhances its cyber incident response management capabilities to a network operating in over 50 countries.

2018 – Intel reports Meltdown and Spectre vulnerabilities in its chips, which allow a rogue developer to read a chip’s memory.

2019 – Mondelez sues Zurich over its unpaid claim from the 2017 NotPetya attack.

2019 – Norsk Hydro is the target of a ransomware attack, costing the company £45m.

2020 – Hackers encrypt Travelex’s digital files, forcing the company to take down its website and resort to using pen and paper in some instances.

2021 – The global cybersecurity market is expected to reach $200bn.

2025 – KPMG estimates the global cyber insurance market at $20bn in terms of premiums.

This is an edited extract from the Cyber Insurance – Thematic Research report produced by GlobalData Thematic Research.