Brad Gow, Philadelphia-based vice president of ACE USA's professional risk division, said he has noticed an uptick of cyber extortion cases in recent months.

"There is a problem that is not being acknowledged. Most companies that are being hit are not going to the FBI for fear of any reputation loss. But we have seen a number of cyber extortions targeting smaller financials and other companies or sites that have a large degree of seasonality, such as toy site in early December," he said. "Or maybe an offshore gambling site the week before the Final Four or the Super Bowl."

Geoffrey Allen, Willis senior vice president, said companies today have little choice but to open up their systems to a wide array of business partners.

"It absolutely sets up the opportunities for the attackers and creates a virtual storehouse of goodies for those intending to harvest them," Mr. Allen said.

According to Deloitte Touche, 24 percent of financial institutions surveyed last year purchased liability and property policies known generally as cyber insurance that aims to fill the holes in coverage as companies become ever more dependent on technology.

Panelists agreed risk managers started to express concerns about their cyber vulnerabilities as the last decade ended and companies were preparing for what they feared would be a systems meltdown with the Y2K changeover.

While that never happened, thanks in part to such preparations, there was a new appreciation for the dangers that lie ahead in the new century.

Robert Parisi, senior vice president for the New York-based American International Group, said while price plays a role in purchasing cyber insurance, it does not drive the process. Part of the problem for companies trying to come to grips with the new perils is a lack of communication between the risk management and technology sections of a given enterprise about their nature.

"Once they finally talk to the techies, most of the time they get a frank and refreshingly honest answer such as ?no, we are not 100 percent secure and we will never be as long as the business people still want to do transactions over our networks,'" Mr. Parisi said.

Brokers, who are pigeonholed as either property or liability experts, contribute to the confusion since cyber risks do not recognize such neat boundaries.

Michael Rossi, Los Angeles-area based insurance attorney, admitted that several years ago he was skeptical about the need for cyber coverage. But having seen courts and carriers hack away at elements insureds in the past might have relied on in their commercial general liability, foreign general liability, bankers professional liabilities or commercial property coverage, Mr. Rossi is now a believer that new times require new coverages.

A big gray area now is invasion of privacy claims for gathering information or theft and use of information to steal identities, Mr. Rossi said.

Carriers offering Bankers Professional Liability polices will most likely fight claims regarding damage to computer data of others, Mr. Rossi said.

Another problem with commercial property coverages are the paltry limits carriers sometimes place on claims from computer data corruption incidents.

"I mean, what is $50,000 to a Fortune 500 company?" he asked.

Tracey Vispoli, vice president for Warren, N.J.-based Chubb, said the trend of secure wire transfer lines migrating to Internet-based systems presents security concerns.

"I think we will see a little more of the online theft. I think it will be easier to penetrate that communication," she said.

Outsourcing IT services also presents new challenges.

"A lot of the policy forms today, particularly old-fashioned forms like the computer crime policy, which is over 35 years old, never really addressed the theft of the information or the financial loss via the third party. It really addressed just those type of events to the insured," Ms. Vispoli said.

Mr. Gow said that in the future risk managers will have to get much more involved in the vetting process in choosing what companies?stateside or offshore?will be chosen to do back office and coding work.

And that means going beyond approving the contract to looking at the employment practices "to ensure that those folks to whom you are entrusting the keys of the kingdom are good to do business with," he said.