Cyber insurance is a profitable line for new market entrants and is expected to grow significantly over the next decade, but with this comes a raft of new risks, according to a report by Fitch.

Limited historical loss data makes pricing challenging, while the nature of cyber risk and the variety of potential events add to complexity in quantifying risk aggregation and loss potential.

“A lack of standardised policy language and terms can also lead to meaningful differences in individual carriers’ product offerings, which is a source of confusion and uncertainty for policyholders,” the ratings agency says.

Despite this, Fitch expects cyber-insurance business to be ratings neutral for most highly rated insurers with sound underwriting, because it accounts for only a small part of their overall premium volume and risk exposure.

Insurers that lack cyber-underwriting expertise, poorly manage their risk or fail to recognise loss potential from “silent” cyber exposure in traditional products may face pressure on earnings, capital or even ratings if large loss scenarios emerge.

Excessive cyber-risk aggregations in specific insurers may not become evident until after a large or catastrophic cyber event.

Digital interconnectedness means insurers’ credit profiles will not benefit from geographical diversification as they do with other lines.

Instead, risk will be associated with factors such as whether it is exposed through having only one electronic payment processor or firewall system.

Increased cyber regulation in Europe and elsewhere is likely to drive demand for cover, as it has in the US, where an estimated 90% of global premium originates.

Next May the European General Data Protection Regulation will take effect, requiring stringent notification of data breaches, with fines up to 4% of turnover for data breaches.