Over the last 25 years, cyber insurance has gone from a niche product tackling a new type of risk to an innovative model – one that’s pushing the boundaries of what policies can offer and achieve. From the very start, CFC has been at the forefront of this journey. As cyber risk has grown into an existential threat for businesses large and small, our goal has remained the same: to deliver the broadest protection possible.
Best of all, it’s working. In a landscape where cyber threats escalate constantly, our 99.1% claims acceptance rate and service-led approach help businesses stay ahead. So what’s the secret to providing peace of mind, how is CFC driving innovation across the market, and, most importantly, what opportunities lie ahead?
Cyber in the ‘90s: An opportunity for growth
When CFC entered the cyber insurance market in the late 1990s, the landscape looked very different to today. Back then, we were one of just a handful of players offering cover for a risk few truly understood. The challenge wasn’t winning business from competitors; it was convincing businesses to buy cyber insurance at all. That challenge hasn’t disappeared, even as cyber grows towards being a $20 billion market. To this day, only 10% of small businesses purchase cyber protection, when cyber is in fact their biggest exposure. This represents a massive opportunity for growth.
Cyber is unlike any other insurance product. Most lines insure an asset – like a car or a property – against a range of perils. Cyber flips the model. Instead of insuring an asset against specific risks, it insures against a risk that could impact assets and operations. This fundamental difference, combined with the slow uptake of digital risk in traditional policies, created a need for a dedicated cyber market. And over the past 25 years, CFC has been at the forefront of building it, pioneering not just the policy language, but the thinking behind what cyber insurance can and should be.
Only 10% of small businesses purchase cyber protection. That’s a massive opportunity for market growth. Scott Bailey, Cyber Underwriting Lead
The 2000s to today: Leading the way with proactive services
Cyber insurance has never just been about handing over a cheque when something goes wrong. From the start, CFC helped redefine the model, bringing in risk mitigation services that detect and neutralize threats before they become costly incidents.
First, we introduced our in-house incident response team – something that sets us apart from the rest of the market. While other insurers outsource response to third-party providers, we built our own team of experts under one roof, from forensic analysts to crisis managers. That meant faster response times, tighter control over service quality, and the ability to deliver a seamless experience without competing for capacity. It was a game-changer, delivering real value to our clients at the moment they needed it most.
Then, we asked a simple question: what if we could help businesses avoid incidents in the first place? That mindset led us to pioneer proactive cyber attack prevention services, as well as our award-winning mobile app for cyber. The Response app creates a direct channel for our cyber security team to notify businesses of an imminent threat, enabling them to take mitigation steps before it becomes an issue. On the app, businesses can also access free advice from our cyber security team, quickly notify us of a cyber event, receive critical security alerts, and access security tools - built to help detect threats early, respond before damage is done, and support businesses before an incident ever occurs. In this sense, cyber insurance is about empowerment: with CFC, businesses receive enterprise-grade protection at a fraction of the cost, while our services work 24/7 to help keep them ahead.
The next chapter: The future of cyber at CFC
Over the years, CFC’s innovations haven’t just improved how we serve our customers, they’ve helped define what modern cyber insurance looks like. Most recently, we launched our Cyber Proactive Response (CPR) product, which built on that foundation with 30 enhancements, six exclusions removed and two world-firsts in coverage: contractually providing proactive cyber attack prevention services within the policy wording and ensuring access to not only unlimited reinstatements but a single aggregate policy excess irrespective of how many incidents are suffered, and even the ability to opt for a zero excess!
Cyber insurance gives businesses not just indemnity but also risk management and response services for a fraction of the cost a business would typically pay to procure those services independently. Scott Bailey, Cyber Underwriting Lead
What makes cyber unique is also what makes it complex: attacks don’t respect borders. A business in New York can be impacted by a hacker in Singapore in seconds. That same attack can then cascade through global supply chains, impacting partners, vendors and clients across continents. Of all the potential impacts, business interruption (BI) is still a key pain point, with slow settlements frustrating clients and brokers alike. We’ve already taken steps to fix this – CPR introduced interim BI payments as part of the policy – but we know the market can go further. Parametric cover is just one example of where we’re looking next.
CFC has always had the hunger to be ahead of the curve, to challenge the norm, strengthen cover, and rethink what insurance can do. That drive shaped us into one of the original leaders in cyber insurance and continues to push us forward. Innovation isn’t just a value we talk about, it’s in our DNA. It’s what got us here, and it’s what we’ll carry into the next 25 years.
Here's to the next 25 years of innovative insurance with CFC.
