"If I was to compare the U.K. and European market now with the U.S. market, we are where they were back in 2004 to 5," said Stephen Wares, specialist in cyber risk at insurance broker Marsh.
In the U.S., laws forcing companies often at considerable cost to inform people if their private details had been compromised, led to a boom in cyber cover starting in around 2005, Wares said.
Now European lawmakers are promising bigger fines for companies that lose data, just as hackers step up illicit mining for sensitive information, driving a market for insuring against mounting financial risks.
The issue came into focus in the U.K. after a 2011 breach of Sony's PlayStation video game network that led to the theft of millions of names, addresses and possibly credit card details.
In January, British data protection watchdog the Information Commissioners Office fined Sony 250,000 pounds ($391,500) after finding the attack could have been prevented if software had been up-to-date.
"That was the regulator really baring its teeth," said Henry Sainty, partner and specialist in media and technology at law firm Farrer & Co.
The European Commission is hoping to reform from 2014 data protection rules that could slap far larger penalties, possibly up to 2 percent of a company's global annual turnover, on firms found to have fallen short of legal standards.
(Read More: Twitter Ups Securityto Prevent Further Hacking)
Rafi Azim-Khan, partner at global law firm Pillsbury and head of data privacy practices in Europe, said these proposed new rules "should keep CEOs awake at night ... It should now be quite clear that data protection due diligence should be a boardroom issue, not a backroom issue."
Warnings over the scale of the issue are not hard to find.
A guide to cyber risk for companies backed by British secret intelligence center GCHQ highlighted the example of an unnamed pharmaceutical group which spent five years and 1 billion pounds ($1.56 billion) developing a new product. Hackers stole the research and a foreign competitor eventually released a cheaper version.
According to a recent U.K. government report, 93 percent of large businesses—defined as employing more than 250 staff—had a security breach during 2012 and affected firms saw 50 percent more such attacks than the previous year.
The research also found the average cost to a large organization of its worst security breach during the year ranged between 450,000 pounds ($707,100) and 850,000 pounds.
But in some cases, the costs can magnify to many times these figures, once damage repair, legal liabilities and fines are taken into account. There is also an unquantifiable impact from reputational damage.
Laila Khudairi, an underwriter for Kiln Group working at the Lloyds of London insurance market, said the costs resulting from a data breach can run into millions.
"An intrusion can prove very costly ... determining the scope of a breach and remediating the problem, such as removing a (computer) virus, can reach into millions of dollars," she said.
Insurers say demand is concentrated currently among companies in sectors holding personal or financial data useful to criminals such as healthcare companies, financial institutions and retailers.
(Read More: Hacker Claims Airplanes Vulnerable at 30,000 Feet)