Nothing scares an insurer more than a lack of data.
The database ought to include some details of the company that had suffered a security incident, the type of attack and the damage caused, including clean up costs.
Although breaches against big UK organisation such as TalkTalk and JD Wetherspoon have dominated the headlines they happen against a constant background noise of malware infections and hacking attacks that affect business large and small, as well as public sector organisations.
Actual losses on the balance sheet of compromised firms tend to come in months or years later, often at a lot less than first estimates might suggest.
About the best guide is Verizon s annual data breach report but that mainly covers trends rather than costs.
As in other aspects of security, cyber insurance is partly driven by compliance concerns PCI for retailers, Sarbannes-Oxley, HIPA etc.