While computers grew in popularity during the 1980s, it wasn't until the 1990s that they would really take off. Computer technology evolved a lot during these years, making it easier for average families to afford a personal computer. On top of that, the World Wide Web was made public in 1993, which led to a boom in personal computer users and a level of connectivity between devices that was never possible before.

Virus Scanners

In the early days of cybersecurity risk management, virus scanners were a lot more primitive than they are now. The earliest antivirus programs would simply take a list of known virus signatures and compare them to binaries on a computer. The problem with this was that it took a lot of processing power, which is something computers simply didn't have in the early '90s. False positives were also significantly more common, which led to even more headaches for the end-user.This software was also purely reactionary, working to identify viruses rather than preventing them in the first place.

In 1991, Symantec released the first version of Norton AntiVirus, which would become a staple on the antivirus software market. That same year, Grisoft (which would go on to become AVG Technologies) was also founded. F-Secure also released the first version of its antivirus software during this time, claiming to be the first antivirus company on the World Wide Web.


As personal computers became more prevalent, it became increasingly clear that viruses were a serious problem. This led to the foundation of the European Institute forComputer Antivirus Research (EICAR). This organization was created to further research viruses and antivirus software in an effort to gain a better understanding of viruses and create more effective antivirus software.

The most important work EICAR did was its work with the Computer AntiVirus ResearchOrganization (CARO). Together, EICAR and CARO created the EICAR test file, which was a simple executable file designed to test the integrity of antivirus software. The EICAR test file allowed researchers to understand which antivirus programs were compliant and effective.


When email boomed in popularity during the late 1990s, a new foundation was laid for the spread of viruses. The biggest example of a cybersecurity threat involving email is the Melissa virus. This virus arrived in the form of an email with a subject line reading "Important Message From [Username]." When users opened the attached Microsoft Word document, that document would then be mailed to the first 50 people on that person's mailing list via Microsoft Outlook. The creator of the Melissa virus, David L. Smith, was sentenced to 20 months in federal prison in 2002 as a result of spreading the virus.

The modern day type of email cyber threat is known as phishing and today accounts for more than 90% (no, that’s not a typo) of reported cyber attacks.*

In Part 3 of this series on The Evolution of Cybersecurity we'll explore cyber attacks in the modern era, including ransomware and credit cards.

Read our blog to learn ways to protect your business against phishing attacks.

*2021 Cyber Security Threat Trends Ebook, Cisco, copyright 2021.