The rapidly growing cyber-cover market poses risks for insurers as they respond to rising demand for protection against data theft and other attacks, according to a Moody’s report.

Questions about the market abound, with no clear answers, due to insufficient historical data to guide insurers’ risk/return calculations and a lack of uniform industry codes on policy formulations.

Compounding the danger is the fact insurers, by offering cyber cover, have themselves become potential targets because they safeguard more high-value, sensitive client data.

“Given the uncertainties of this evolving market… we view expansion into the cyber-risk insurance market as similar to that of other high-risk/return product segments, such as terrorism and fidelity and crime,” the ratings agency says.

“The addition of a high-risk product with highly uncertain returns to insurers’ underwritten portfolios is credit-negative in the near term, as underwriters test the risk/return spectrum of the product.” 

There have been no reports of cyber attacks on general insurers, but the danger is ever present because insurers hold client data in a network of linked storage systems.

The fact that cyber thieves could break into major US life insurer Anthem’s computer systems in February shows nothing is impregnable.

“The nature of the data, and the fact that insurers frequently access and transfer it in their daily operations, makes them prime targets for cyber attacks,” Moody’s says.

“Failure to keep customers’ sensitive information secure from an attack, damage, loss or unauthorised disclosure or access could hurt an insurer’s business and financial condition, as well as cause reputational damage.”

Ace, AIG, Allianz and Zurich are among the 50-plus insurers currently offering cyber covers.

The US remains the largest market, with gross written premium of about $US2.75 billion ($3.82 billion).