There’s no question that the internet has change the way we live and work. Now, it’s beginning to change the insurance industry, which says businesses around the world need to “wake up” to the reality of cyber threats.

That’s the consensus following the Advisen Cyber Liability Insights Conference in London last week, which discussed the privacy and security risks facing businesses today.

Speaking at the conference, Francis Kean, executive director of the FINEX Global Unit for Willis, warned that companies and their boards of directors must understand how exposed they are to the growing threat of cyber attacks.

“There is a whole universe of potential cyber risk not understood at a board level,” he explained. “This, in turn, creates a risk that board directors will fail to discharge their duty of care and duty to promote the success of the company. Their fiduciary duties require them gain some understanding of the cyber threat faced by their companies and to ensure adequate and proportionate procedures are adopted to mitigate the consequences of a serious data breach.”

Cyber attacks against governments and businesses are among the top five risks in the world according to the World Economic Forum’s (WEF) Global Risks for 2012 report. Cyber attacks come in at number four of the risks most likely to materialise just behind economic fears about income disparity and fiscal imbalance, and concern over rising greenhouse gas emissions. Experts are most afraid of cyber attacks that spark come sort of devastating malfunction in power plants, water supplies and other critical systems.

But data breaches seem to be the most common of type of attack. InformationWeek recently reported that there were 419 data breaches in the US that were publicly disclosed in 2011 exposing a total of 22.9 million records. It’s difficult to pinpoint the exact number of breaches as many went unnoticed by the media or weren’t reported at all.

One that did not go unnoticed was a breach at Sony. The tech giant suffered a massive loss when hackers stole the names, birth dates and credit card numbers from nearly 100 million customer accounts on its PlayStation Network a debacle the company estimates will end up costing them at least $200 million.

In a lawsuit, Sony’s insurer, Zurich American Insurance Company, said the company did not have a cyber insurance policy. A spokesman for Sony said they had coverage for “significant portions” of the losses for the data breaches.

Despite high-profile cyber attacks like the one at Sony and others on Google, Epsilon, RSA and others last year, only a third of companies surveyed by the research group, Advisen, say they have a cyber insurance policy.

Even more disturbing is that cyber risks don’t seem to be getting adequate attention from the top. The 2012 Carnegie Melon CyLab Governance survey of the Forbes 2000 list found that nearly half of the respondents said they do not have full-time personnel in key privacy and security roles, and 58 percent said their boards had not reviewed their companies’ insurance coverage for cyber-related risks.

Experts say when it comes to cyber insurance, every company needs it and most don’t realise they don’t have it until it’s too late. More companies are expected to buy policies this year because of new Security and Exchange Commission requirements in the US. Last October, the SEC issued new guidance requiring companies to disclose material cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage”.

“The SEC guidance is a useful wake-up call to the risks of data breaches for boards everywhere but they now have a delicate balancing act,” Mr Kean said at last week’s Advisen event. “The problem with exposing cyber breaches is you don’t want to provide a route map to hackers or potential plaintiffs down the road, but you also don’t want to expose yourself to a shareholder class action.”

Also speaking at the Advisen Cyber Liability Conference, Jeremy Smith, the cyber liabilities practice leader for Willis, discussed the development of cyber-liability insurance, saying: “The convergence of cyber coverage in recent years was largely due to a lack of sophisticated claims data and significant increases in cyber crime.”

Technological advances have changed and will continue to change the way companies collect, use and store their biggest asset data. Experts say smart companies understand that risk and are taking proactive steps to protect their data, customers and reputation.