Insurers may need to change their underwriting and pricing approach to meet bullish forecasts for sales of cyber coverage, considering the speedbumps keeping many carriers from stepping on the accelerator and prompting the majority of potential buyers to hit the brakes.

In theory, cyber insurance should be a product that sells itself, given the increasing frequency and severity of high-profile hacker attacks against major organizations as well as the growing number of individuals coping with online identity theft. Yet in practice many insurers are struggling to get a handle on this promising but problematic market, while the majority of buyers are hesitating to add the coverage to their risk management portfolio.

Cyber remains a relatively small niche market

Why is that? With the stage seemingly set for dramatically higher demand, and in a property and casualty market starved for organic growth, you might expect sales of cyber policies to be soaring exponentially. In reality, while growth projections are bullish — with some predicting U.S. sales to double or even triple over the next few years — cyber insurance remains a relatively small niche market. The line generates somewhere between $1.5 billion and $3 billion in annual U.S. premiums, according to varying estimates by regulators and rating agencies — representing only a tiny fraction of the more than $500 billion U.S. carriers write annually for all lines.

There certainly appears to be plenty of room for growth, considering that just 29 percent of US businesses had bought cyber insurance as of October 2016, according to a "Market Watch" survey conducted by the Council of Insurance Agents and Brokers (CIAB). Even big organizations with potentially huge cyber exposures are going bare in many cases, or at best are underinsured.