The Association of British Insurers (ABI) has called for the creation of a database of cyber incidents to help UK lead the global cyber insurance market.
Such a central database would help tackle the lack of information available at present, enable insurers to properly price cyber risks and could put the UK at the head of potential $20bn global market.
The ABI said a national anonymised database, run on a not-for-profit basis could record details of cyber incidents at businesses including business interruption losses, ransom demands, loss of confidential data and damage to IT systems.
It would be constructed by building on the requirement in the European Network Information Security Directive for certain firms to notify cyber incidents from 2018.
This data could be anonymised and made accessible to insurers, who could then use it to improve pricing.
Several USA states require firms to report any cyber breaches, but a national database accessible to insurers would be a world first, the ABI said.
Director general Huw Evans explained: "Cyber losses are the biggest threat to Britain's world leading digital economy, and we need to capture more data to get on top of the problem."
He contrasted the lack of cyber data to the 350 years' worth of information available on fires and 100 years on motor and aviation matters, even though "cyber is the biggest insurable risk that the industry will have to meet, and it is critical to the economy".
Evans said that unless companies were required by law to report losses from cyber incidents "insurers are not going to have the data they need to provide the right cover".
He added: "Nothing hinders the growth of an insurance market more than a lack of data. More data can help stimulate the cyber insurance market, giving greater choice to businesses in insuring against cyber losses."
The ABI has also issued a guide for small and medium-sized enterprises, Making Sense of Cyber Insurance, including information on cyber business interruption losses, privacy breach costs, cyber extortion, and cyber specialist support.
Assistant director Matt Cullen said these firms were as likely to be targeted as larger ones but would usually have lower levels of data protection in place.
"A cyber-attack will often be very disruptive and costly, and in some cases, could even threaten a smaller firm's existence," Cullen said.
