Cyber insurance premium written last year totalled about $US2.5 billion ($3.48 billion), and is expected to triple to $US7.5 billion ($10.44 billion) by 2020, according to PricewaterhouseCoopers.

“Cyber insurance is a potentially huge, but still largely untapped, opportunity for insurers and reinsurers,” a report says.

Premiums are high, with the cost of cyber cover about three times that of established general liability insurances.

“Part of the reason for the high prices is the still-limited number of insurers offering such coverage, though a much bigger reason is uncertainty around how much to put aside for potential losses.”

Insurers and reinsurers look to impose a ceiling on potential losses through restrictive limits, exclusions and conditions, the report says.

“However, many clients are starting to question the real value these policies offer, which may restrict market growth.”

There were nearly 43 million cyber-security incidents detected last year worldwide – more than 100,000 a day – according to a PricewaterhouseCoopers survey of security, IT and business executives.

“The financial impact keeps rising and has, in some cases, run into tens of millions of dollars.

“Insurers could face a rapid succession of severe losses, making it harder to absorb the impact or subsequently rebuild the balance sheet in the same way as following a catastrophe event.”

Breaches are more costly for organisations with revenue above $US1 billion ($1.39 billion): average losses for such groups grew from $US3.9 million ($5.4 million) in 2013 to $US5.9 million ($8.18 million) last year.

About 90% of cyber insurance is bought by US companies, but only about one-third of businesses in the US have it.

The UK market is less developed: only 2% of companies have standalone cyber insurance.

Take-up varies by industry, with only 5% of US manufacturing businesses holding standalone cyber cover, compared with 50% in the healthcare, technology and retail sectors.

Cyber is unlike any other risk insurers and reinsurers have underwritten, due to limited historical data on the scale and financial impact of attacks, the report says.

“The difficulties created by the minimal data are heightened by the speed with which the threats are evolving and proliferating.”

A report from the UK Government estimates the insurance industry’s global cyber-risk exposure is already about $US150 billion ($209.12 billion). While potential losses are on a par with natural catastrophes, incidents are much more frequent.

To grow the cyber-coverage market, insurers should include more rigorous risk evaluation, built on data, analysis and partnerships with government, technology companies and specialists, the report says. “Rather than simply relying on blanket policy restrictions to control exposures, insurers should make coverage conditional on regular risk assessments of the client’s operations.”

Insurers must also improve their own cyber security, because they hold considerable amounts of sensitive client data, the report says.