A lack of common language is one of the biggest challenges brokers face when trying to sell cyber insurance, a US report says.

The Council of Insurance Agents & Brokers’ (CIAB) second biannual Cyber Insurance Market Watch survey interviewed 65 brokers from 56 businesses.

It shows only one-quarter of clients have cyber insurance, up 1% on the previous survey.

CIAB President and CEO Ken Crerar says cyber presents a “unique challenge for brokers” because the technical language is foreign to most buyers “and there are no common, agreed-upon terms across the industry”.

Most cyber policies are tailored to clients, rather than on standardised forms, the survey shows.

Buyers are motivated by several factors, but 38% of broker respondents believe the primary driver for small and medium organisations is risk transfer. This jumps to 51% for larger companies.

Following risk transfer is “post-event response” that brokers and carriers provide.

“Cyber insurance is not a substitute for a strong defence network,” Mr Crerar said.

“Carrier and broker resources can help a firm identify its network weaknesses and evaluate its response plan.

“But when all that fails – and it will – the financial backstop insurance provides can help a firm recover and get back to business.”

Brokers say capacity is generally available, but it can be challenging to obtain adequate limits for clients in high-target industries such as technology, finance and healthcare.

One broker serving the middle market says there is “more capacity emerging at the low end of the market, in classes least exposed – classic toe-dipping by the newer players. Capacity constriction is taking place in working program layers in higher-exposure industry segments.”

The average cyber policy limit is about $US3 million ($3.94 million), compared with $US2.4 million ($3.15 million) in the CIAB’s October survey.

The average largest limit among respondents is about $US52 million ($68.26 million), up slightly from $US50.7 million ($66.55 million) in October. The largest package assembled remains $US500 million ($656.31 million).

“The market has a lot of maturing to do,” Mr Crerar said.

“Only 35% of our members’ clients have an information security program in place with capabilities covering prevention, detection, containment and response/eradication.”