Cyber insurance represents an attractive growth opportunity for the global insurance industry, Fitch Ratings says.

The rating agency says that a cyber security report published Monday by the UK government and the insurance sector confirms its view that “there is a key role for the insurance industry in addressing and mitigating cyber risks.”

Indeed, Fitch says that cyber insurance is “a key growth opportunity” for the global insurance and reinsurance industries. It notes that just 2% of large firms currently have explicit cyber insurance, and that coverage rates drop close to zero for smaller firms. “This is despite the significant growth in cyber insurance premiums written in recent years,” it says.

Additionally, Fitch says that it also believes that it is only a question of time before cyber insurance enters the household insurance market, either as a standalone policy, or as an add-on to existing personal household or property insurance products.

While this area represents a major opportunity, Fitch also warns that it could also cause significant losses “due to substantial aggregation risk and the increasing sophistication of cyber attacks.”

And, it says that intangible damages, such as a loss of reputation, can be very difficult to measure; which also makes pricing very difficult using traditional actuarial methods, “especially as loss data and underwriting profitability for cyber risks remain relatively opaque.”

Finally, Fitch says that governments will also have an increasing role in the prevention and indemnification of global cyber attacks. “In our view, governments will play an increasing role by enhancing legislation, for example regarding data protection, and increasing cyber risk awareness and management. As the size of aggregate cyber risk pool grows, further government initiatives are likely to develop as they have done in other sectors, such as flood risk,” it says.

Increased legislation is also likely to increase demand for cyber insurance, as new data protection laws in Europe for example will include an obligation for companies to notify customers if a security breach has been detected. “This raises awareness of cyber risks and also means companies are likely to try to reduce breaches by continually upgrading cyber risk management, including using insurance products,” it says.