While the words "sexy" and"insurance" seldom appear in the same sentence, cyber liabilitychanged that in 2011.

Speaking about coverage for data-breach risk, Jake Kouns, seniordirector of technology and a data-privacy underwriting expert atproperty-and-casualty insurance holding company Markel, said in October, "It's the new, sexy insurance. There are 30carriers now writing it."

The reason for this inrush of underwriters, of course, is thatthe digital storage and transfer of data is a critical part ofdoing business today for a huge—and constantly growing—swath ofindustry sectors. Insurance companies, banks, asset managers,retailers and, as Sony reminded us this spring, even gamemakers—they all handle private financial data.

And it's not just hackers, viruses and phishing emails that putdata at risk. Security breaches can just as easily be caused bylost or misplaced files or even mishandled waste. A breach thatresults in a client's data being stolen and used in a damaging waycan lead to substantial third-party liability claims—and governmentpenalties.

A report from Lloyd's and technology company HP earlier this yearwarned that businesses becoming more reliant on technology willface more complex and damaging digital attacks as sophisticatedcriminals quickly adapt their methods to steal from, disrupt andspy on businesses.

Larger companies have been attuned to the risks of data-poachingand Web-site shutdowns for a while now—and many have stoppedinquiring about coverages and have actually started buyingpolicies. Why cyber liability could prove to be a major newbusiness opportunity for agents, brokers and carriers is that therisks of expensive data breaches very much extend to small andmidsize businesses as well.

Indeed, it is companies outsidethe Fortune 1000 that could find it very difficult to recover froma data breach without the right insurance, says Kouns, who alsoserves as chairman/CEO of the Open Security Foundation—a nonprofitpublic organization that seeks to help businesses minimize theirinformation-security risks.

While cyber coverage has moved from an afterthought to afront-burner issue for many risk managers this year, the types ofcoverages being offered are still all over the map. Policies cancover everything from helping reconstitute data to thepublic-relations expenses needed to repair a damagedreputation.

Prices, too, are evolving—and are perhaps still too low. "Rightnow you can get a policy with a $1 million limit for $1,500 inpremium," notes Kouns. "That is worrisome. It's too cheap.Companies will buy the coverage and think they don't need to doanything to secure their systems."

Even though cyber risk is everyone's problem, the Zurich-sponsored survey "A New Era in Information Security andCyber Liability Risk Management" in October showed that ITpersonnel are the ones who are generally considered (by 73.2 of therespondents) to be responsible for protecting against such threats.Only 13.2 percent believed it is the risk-management/insurancedepartment's responsibility.