Insurers can follow five cyber-loss processes to build up coverage in what is expected to be one of the industry’s fastest-growing markets, according to a new report.

The processes cover cyber-data exfiltration, denial-of-service attacks, cloud service provider failure, financial transaction cyber compromise and cyber extortion.

The research was conducted by catastrophe risk management group RMS and Cambridge University, and is supported by leading industry specialists including Aon Benfield, Axis Capital, Renaissance Re, Talbot Underwriting and XL Catlin.

RMS CEO Hemant Shah says the report aims to help the industry “understand the correlation space for this new class of exposure”, because cyber threats know no bounds, unlike the coverage for natural hazards and industrial risks.

“We know to be wary of writing two industrial risks along the same river basin, and the role flood defences play in mitigating loss,” Mr Shah said. “With cyber risks, the contours of systemic accumulation are not as clear.”

The five cyber-loss scenarios have the potential to cause wide and correlated losses, and the report lays out ways to structure the data an insurer should be accumulating.

“These scenario models provide a capability for insurers to carry out routine monitoring of their aggregation risk, assessing what their likely claims payout would be to these benchmark extreme events as their portfolio grows,” the report says.

“They provide useful pointers to use in setting a company’s risk appetite.

“We believe using these scenarios will help companies improve their knowledge of the cyber peril and help them gain confidence in establishing their risk appetites for insuring cyber.”

The report says the regulatory landscape is undergoing dramatic change, as governments and judiciaries look to stiffen penalties for cyber crimes. Australia is among the countries developing their own information security laws and regulations.