The OECD says insurance should be considered an essential part of nations’ cyber-security strategies, as the potential for catastrophic economic and commercial damages rises.

The international body says various barriers limit insurance markets’ contribution to managing the risk, and in a report it recommends a range of actions to address these.

Issues include the lack of historical data and an evolving risk that has made it difficult to develop trusted models, which causes insurers to apply exclusions and sub-limits to control exposures.

“The limited coverage available in the market, along with the complexity of the terms and conditions imposed, have led policyholders to question the value of cyber-insurance… in its current form,” the report says.

Economic and commercial operations have become increasingly reliant on digital technologies, which face constant threat of disruption due to human error or attacks.

The report says policymakers must find the balance between addressing risks and allowing wider digitalisation benefits.

“The role of the nascent cyber-insurance market in enhancing cyber resilience is increasingly being recognised by policymakers,” it says.

The OECD urges governments to consider incident disclosure requirements to improve data availability, and calls for greater public-private collaboration.

It says insurers, brokers and relevant associations have an important role in providing greater clarity about available coverage.

“The insurance market can greatly reduce the level of uncertainty by working towards a common terminology on risks and losses – governments should ensure that the insurance market is moving in this direction.”

It says governments should develop strategies for managing the financial impacts of a catastrophic event equivalent to the September 11 2001 attacks or Hurricane Andrew.