The Cyber Year in Review

By Shawn Dougherty December 29, 2014

The year is quickly winding down; 2015 is only a few days away. As I sit here reflecting on the year, it's hard for me to believe that this is my 52nd consecutive Cyber Monday blog post — the last one for the year. When I first started writing the blog, I thought it might be difficult to identify a topic to write about each week. In hindsight, however, 2014 turned out to be an important year for cyber insurance. I rarely struggled for an issue to discuss.

While 2014 started with the Target data breach in the headlines, it was by no means the only company to make the news. Michael's, P.F. Chang's, Staples, Home Depot, and JPMorgan Chase were just some of the other major firms that suffered data breaches. Many healthcare providers and even governmental agencies were breached as well.

Just this past month, we witnessed how extensive the repercussions of a data breach can be after the Sony Corporation was breached by hackers called "The Guardians of Peace." Sony is now facing the wrath of unhappy employees whose personal information was accessed and released, as well as the potential loss of hundreds of millions of dollars in revenue after several unreleased potential blockbuster movies were stolen and posted on the Internet before they could be released to the general public in theaters. Perhaps even more disturbing, the hackers subsequently made terrorist threats of 9-11 proportions at theaters choosing to show a new Sony film ("The Interview") that satirizes the leader of North Korea. As a result, Sony subsequently canceled the release of the film altogether.

Whether or not you believe that North Korea was behind the Sony breach and subsequent threats, it certainly feels like we’ve entered a new phase of cyber attacks. Attacks are no longer limited to stealing personal identifiable information (PII) or personal health information (PHI) for resale on the dark net.

Another aspect I found fascinating this year was the growth of the cyber insurance marketplace. Commercial firms of all sizes started to recognize the need for and purchased cyber insurance coverage. At the start of the year, a general feeling among some cyber insurance professionals was that 2014 could prove to be the tipping point for firms to realize the importance of having such coverage. The wheels have been set in motion for cyber insurance to become a staple of a risk's insurance portfolio, and we’re starting to see the take-up rate of cyber coverage grow exponentially. While I’m not yet convinced that we’ve reached that tipping point just yet, I do feel we’re certainly on our way. Not only are commercial insureds purchasing the coverage in greater numbers, but a greater number of commercial insurance carriers are beginning to make cyber coverage available. I believe that trend will continue into 2015.

Lastly, one of the cyber reports I read this year — The Betterley Report: Cyber/Privacy Insurance Market Survey 2014 — resonated with me, and I kept referring back to it throughout the year. In the report, the author, Richard Betterley, discusses his views on the future of cyber insurance and identifies several "opportunities" and "problems" related to the cyber insurance marketplace. In particular, one of the problems he identified: "Is there enough underwriting and claims talent?" With the continued growth of cyber insurance, I firmly believe this is one area the insurance industry needs to continue to focus on and invest in.

Cyber insurance is an expanding market and definitely a growth opportunity for insurers. To that end, there’s most certainly a need for them to invest in educating and training talented staff to address both cyber underwriting and claims.

I'm looking forward to what 2015 has to offer.

Best wishes for a happy and safe New Year.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.