Despite high-profile data breaches of companies such as Target, JPMorgan Chase, eBay and Community HealthSystems, 40% of cyber carriers say policyholders think theydon't need cyber coverage and 29% think they are covered underexisting policies, according to a survey conducted by Hanover Research andsponsored by ISO.

"Even though data breaches are in the news every week, manycompanies still don't recognize that cyber attacks are serious, andthat the costs associated with responding to one can be significantand generally not covered under current commercial insurancepolicies," said Shawn Dougherty, assistant vice president ofSpecialty Commercial Lines at ISO. 

And it's difficult to convince businesses they need cybercoverage when staff resources are limited. Just more than half ofthe respondents say their companies have no staff dedicated solelyto drafting cyber insurance policies. Nearly a third have a smallstaff of 1 to 5 people. Staff resources vary by size of carrier.More than two-thirds of medium-sized companies (those with premiumsbetween $250 million and $1 billion) do not have dedicated cyberunderwriters, but 57% of smaller carriers (less than $250 millionin premium) have at least one employee, and nearly 30% of largecompanies (more than $1 billion in premium) have a substantialstaff of 11 or more working to draft cyber policies.

The survey of 271 insurance professionals found that the marketis small but growing among carriers currently offering cyberinsurance. Although the majority of companies' direct writtenpremiums for cyber coverage are less than $10 million, 75% expectto sell more cyber insurance next year–of which 14% expect tounderwrite between 25% and 50% more. Of those not offering cybercoverage at the moment, 11% will roll it out in the next year, andan additional 47% say their companies are considering offeringcyber coverage in 2015.

When separated by size, the survey offers more insight intogrowth expectations:

Tellingly, the companies that do not expect growth in the futurespecialize in the most common areas of cyber coverage, such as databreach expenses and business interruption, while those that expectgrowth offer cyber extortion, cyber reward, social media liabilityand public relations expenses. 

Next page: The most serious cyber risks andhazards

Data breaches are considered the most serious cyber risk facingbusineses today, but one third of respondents say that cyber crimeis more dangerous. When asked about what information they considerto be the most important when underwriting cyber risks, respondentsstate that enterprise risk management philosophy (25%) and thenature of records or data stored (23%) are the two most important.Other factors include security tests and audits, and updatedsecurity. 

Three quarters of respondents were split evenly among whichhazards are the most risky, and their responses fall in linewith PC360′s top 10 data breaches of the last 12months.