US businesses spent more than $US2 billion ($2.76 billion) on cyber insurance last year, and experts predict the figure will triple by 2020 as threats continue to grow.

The Insurance Information Institute (III) has released the figures in a white paper called Cyber Risk: Threat and Opportunity.

The report examines the origins of cyber threats – from foreign governments and criminal enterprises to disgruntled employees – and how US businesses can protect themselves.

It says an explosion of technologies, coupled with the increasing complexity of threats and changing regulatory expectations, is propelling cyber risk into “uncharted territory”.

Last year US data breaches hit a record high of 783, with 85.6 million records exposed.

Report co-author and III President Robert Hartwig says major data breaches such as the one suffered by health insurer Anthem – which exposed 78.8 million customers – have put cyber risk firmly in the limelight.

“A proliferation of high-profile cyber attacks and data breaches ensures businesses, governments, law enforcement, cyber-security experts and consumers around the world are paying close attention to the risk of cyber space and developing a corresponding response,” Dr Hartwig said.

Other examples of high-profile breaches include the hacking of Apple’s iCloud service, which resulted in nearly 500 celebrity pictures and videos being posted online.

In July Fiat Chrysler recalled 1.4 million Jeeps after it was shown that dashboard functions, steering, transmission and braking systems could be hacked.

The paper identifies three main obstacles for writing cyber insurance.

First is the complexity and rapidly shifting nature of cyber risk, resulting in “a changing range of perpetrators, targets and exposure values at stake”.

Secondly, the lack of historical actuarial data makes it difficult to write and price policies appropriately.

Finally, the “interconnected nature of cyber space” creates uncertainty around risk accumulation and aggregation, making it hard for insurers to assess the likely severity of attacks.

“How insurers manage these risks while creating products for this multibillion-dollar market opportunity as the legal and regulatory landscape becomes more defined will determine how well we are protected from cyber risks in the years to come,” the paper concludes.