The industry for cyber insurance has been around for 25 years this year.
Young underwriters may believe that cyber insurance is a relatively new form of insurance, yet it has been around for more than two decades. In this article, cyber insurance industry veteran Kurtis Suhs provides a first-hand account of the growth of the sector from his point of view and an analysis of the current market. Kurtis Suhs began his career as an investigator and criminal coordinator for the FDIC before moving on to become a broker for INSUREtrust in the late 1990s.
The first cyber insurance was envisioned and created in 1997 to handle a risk that financial authorities at the time believed existed. However, many industry analysts see cyber coverage as a growing problem as a result of the increasing frequency of random attacks. The world’s insurance markets are currently dominated by the hottest, fastest-growing segment of the cyber insurance journey, which was started to guard against a little-known exposure of Internet fraud related to cyber risk.
Federal bank regulators and financial regulatory bodies gathered in Atlanta for a seminar on fraud in 1995. The world’s first Internet bank, defined as having no physical branches or brick-and-mortar presence, Security First Network Bank, a licensed bank in the state of Georgia, presented its proposed business model to officials as part of the agenda. A simple value proposition was presented using the Netscape browser, along with drawn pictures showing the interconnectedness of various parties involved in a normal financial transaction.
While interested, conference attendees expressed worries regarding risk management procedures, security, and financial soundness difficulties. The main worry concerned the bank’s capacity to supply online banking services securely in the face of the potential hazard of financial institution fraud exposure and bank asset hacking. The fundamental necessity for insurance protection to safeguard the organization in the case of an unanticipated data attack or fraudulent incidence was one of the recommendations made.
Security First Network Bank’s insurance broker in Atlanta was tasked with obtaining insurance to shield the online-only bank against Internet risk. But at the time, there was no protection against web-related risks. While technology insurance carriers believed the unseen bank risks should be covered inside specialised Financial Institutions lines, insurance bank underwriters saw such exposures as technology risk. Steven Haase, an insurance agent, foresaw the demand for hacker insurance. In order to introduce the first cyber insurance policy at the height of the dot.com period, he later established Network Risk Management Services LLC (later known as INSUREtrust.com) as a managing general agency (MGA).
Founded on the idea of Highly Protected Risk, the MGA’s model was based on a tried-and-true method for insuring particular at-risk business operations (HPR). Engineering-based risk management evaluations were used by construction property insurers to build insurance plans for modern sprinkler systems that are used in commercial settings.
Construction engineers would identify property risk and develop standards for adherence by the insured under commercial HPR insurance. The insured might be certified as an HPR, which has intrinsic benefits such as favorable premium rates and pricing options, once they adopted system criteria and procedures for achieving specific coverage requirements. The engineers would undertake regular compliance checks to ensure that the policy’s coverage would remain in effect.
“Unfortunately, many companies and insurance applicants may not be able to meet the minimum information security insurance standards or may choose not to obtain cyber insurance due to prohibitive cost hurdles.”