There are, though, other areas where big gaps in coverage remain, said Mr Fishleigh, such as cyber terrorism and cyber warfare where clear definitions do not yet exist. There is also a lack of standard wordings among all cyber-related policies and different products for the same risks can vary markedly, he added.

What is clear, continued Mr Fishleigh at the Risk Frontiers seminar held on Wednesday in London, is that the cyber insurance products that currently exist are supply- rather than demand-driven. "Insurers like cyber risk. It is a new product and a new revenue stream." Furthermore its evolving status means that insurers can still charge a relatively high rate for coverage.

Demand from risk managers is not at the same level as supply, noted Mr Fishleigh, largely due to business underestimating the value of the information it holds. "Most corporates have not quantified the value of their information so it is very difficult to insure it."

It is also difficult for buyers to tell which policies represent value for money and which are too expensive without an accurate assessment of the value of their information. "I don't think risk managers fully understand the risk," warned the cyber expert.

Corporates therefore have to make more accurate and effective assessments of the information they hold and how it should be treated—something that governments, unusually, are very good at, stated Mr Fishleigh. “If you cannot protect all of your data then you should consider segregating the most critical from the less critical and applying more stringent security to the former.”

Risk managers should also focus on improving board level understanding of cyber risk, establish standards for defining cyber attacks and cyber security and participate in information sharing initiatives where possible, such as the UK’s ‘hub and node’ pilot scheme.

The full extent of the threat that organisations face from malicious cyber criminals was made clear to the audience by an earlier presentation from IT security expert Paul. C. Dwyer, an advisor to the International Cyber Threat Task Force.

Mr Dwyer referred to the so-called ‘Dark Market’, an underground stock exchange where criminals can trade stolen personal data, malicious codes and viruses, hacking tools and expertise.

He highlighted cloud mobile technology and social media as the two biggest challenges currently facing risk managers.

Mr Dwyer also supported Mr Fishleigh’s view that risk managers must improve their own level of education and that of their board when it comes to cyber risk. “Education is the key. A CEO may get sufficient comfort as regards their IT security by talking to their head of IT but it is not an IT issue per se. The risk manager has to get his board to understand the complexity of cyber risk and the fact that it has a different profile to more conventional risks.”

Please sign up here to our full-time mailing list to ensure that you receive our weekly newsletter.

• More Insurance News