The cyber insurance universe is still in its infancy. There will be many changes over the next couple years on the coverage, reaction procedures, premium pricing, and claim stipulations. I also would love to see a standard structure and terminology of what risks are covered under what policies.
ISMG recently did a podcast to look at why the market for cyber insurance among small business is struggling and it's an interesting listen.
One of the quotes I love from it is "there is a permanent residual risk of just being on the internet".
Click below to listen to the podcast (it's like the first 7 or 8 minutes) on the ISMG website:
http://www.bankinfosecurity.com/interviews/understanding-small-business-cyber-insurance-marketplace-i-3655