More than 40% of large US insurance companies admit that they have been the subject of a cyber attack, but over half say they have no coverage to protect themselves against the resulting losses.

A.M. Best’s Fall 2014 Insurance Industry Survey revealed that 42% of American insurers with more than $1 billion in capital and surplus have been the victims of a cyber attack or data breach. On the other hand, fewer than 5% of the smallest companies with less than $20 million in capital and surplus said they had experienced this kind of event.

"It may be a misconception to think that the smaller companies with potentially less data security would be the targets of data thieves, as the larger companies, which offer more data to potential thieves, appear to be the main focus of cyber-attacks and data breaches," reads the report. A.M. Best also points out that larger companies are more likely to store data in the "cloud", and that 72% of all companies rely on third parties for their cloud storage.

Despite these attacks, 53% of insurance companies indicated that they do not purchase cyber security insurance, and 30% only purchase coverage with limits between $1 million and $5 million. In addition, 72% of the insurers surveyed have their data security handled by their own IT staff. "So generally the same group that responds to questions about troubleshooting application error messages is also responsible for network security and data protection," notes A. M. Best.