Many of the UK's top companies do not have adequate internet crime protection cover.
Oliver Prior, of Willis's research and development unit, speaking at the Insurance Institute of London said: “With probably 50% of the FTSE 100 you could slaughter their crime insurance policies.”
Prior said companies tended to have extremes of cover for internet crime losses, with the sums insured being either excessive or inadequate.
He added it would only be when more companies began to get appropriate levels of insurance that the market would get hit. “The coverage isn't good enough and isn't showing up in claims,” he said.
Prior identified four main areas where companies need to ensure they have cover: payment methods, viruses, extortion and employee dishonesty.
With payment methods, any contracts concerning public key infrastructure had to be carefully examined, he said. “Computer companies throw waivers around like maniacs.”
Regarding dishonest employees, it was unclear who should pay out to third parties financially affected by the actions of those employees.
And Prior said financial losses resulting from internet crime were increasingly not defined as property damage, but as a policy area on its own.
Damage to reputation resulting from internet crime might in future be covered by insurance, Prior said. “But at the moment trying to put a value on a brand is quite tricky.” Measuring the damage was difficult and often the loss could also be attributed to another cause such as negligence from within the company.