And while this guidance applies only to publicly held companies, Kalinich adds, it’s likely that plaintiffs’ attorneys will look to such disclosures in helping set a cyber-security threshold for other companies.

Will the SEC’s guidance result in more companies, both public and private, media and otherwise, buying a dedicated cyber-risk policy? “I’m not sure we’re seeing this yet translate into significant activity toward the product,” observes Tim Francis, enterprise cyber-insurance lead for Travelers Insurance, which began offering a dedicated cyber policy for non-technology businesses last summer. “But many companies were looking at the product even before the SEC guidelines came out.”

Philadelphia Insurance says it has seen “pretty substantial growth” in the number of companies shopping since it began offering its own dedicated Cyber Liability product in 2010, says Tom Herendeen, vice president of management and professional liability.

A big reason why companies are looking, Herendeen and others agree, is that the cost of handling a data breach continues to rise: an average of $214 per record in 2010, up 5 percent from the year before, according to a study conducted by the Ponemon Institute. The bulk of this per-record cost comes from expenses associated with notifying customers of breaches and in providing follow-up services such as credit monitoring.

But buying a dedicated cyber policy is not always necessary. Many carriers bundle aspects of the coverage in with their standard business policies. Making the decision to purchase separate policies comes down to factors such as the number and sensitivity of data records held, as well as overall coverage limits and sub-limits in areas such as notification costs.

For media companies, whose insurance concerns also typically encompass libel and copyright infringement, striking the right balance in covering both these core business exposures and cyber security can be a challenge.

“The issue of convergence and getting everything under one roof is a big one,” observes Rennie Muzii, managing director of the financial and professional group at Marsh Inc. “If you blow out your coverage limit on a garden-variety media claim, you’ve got nothing left for cyber, and vice versa.”

Cyber Liability products are still relatively new, Muzii continues, and carriers continue to innovate with this coverage line. Some are offering turnkey cyber solutions that specify which data forensics and consumer-notification firms their insureds must use.

Other companies are setting coverage limits tied to the number of records compromised as opposed to an overall cash limit, which Muzii says can be a significant benefit to the insured. The size of a company and its revenue, and whether or not its media assets are handled separately from the parent organization, also play into which policy makes most sense.