Humility is a virtue everywhere, and some large companies have certainly been humbled by cyber attacks in recent years. This has encouraged the growth of a cyber security market that we covered in a cover feature back in December 2014. As a mid-market player, Sophos has demonstrated in its full-year results - which we analyse this week - the growing demand for its network and end-user security systems. As smaller businesses experiment with e-commerce and mobile, the risks are clear to see.
Because a company cannot know everything, and can predict even less, there is another equally important side to this market: insurance. Appetite for cyber insurance policies has been growing rapidly, according to Dan Trueman, head of cyber at listed insurer Novae (NVA). They have also evolved from third-party data and privacy risks, which were displayed most prominently in last year's TalkTalk (TALK) and Dixons Carphone (DC) hacks. Insurance products now offer cover for business interruption, reputational damage and system failure, as well as crisis management services.
Selling more cyber insurance policies helped lift gross written premiums at Novae's casualty division, where they sit, by a fifth last year. This division is still eclipsed by its major property division, followed by its marine, aviation and political risk segment, but provides a leg of diversification for our long-standing buy tip (Buy, 486p, 16 May 2013). There is a similar growth story at Beazley (BEZ), where 'speciality lines' is the biggest division in terms of gross premiums. Indeed, its data breach and cyber portfolio is now its largest single line of business. Hiscox (HSX) has long been operating in the market, too.
The United States has hitherto provided much of the running, which is hardly surprising. It is almost exactly four years since LinkedIn confirmed that computer hackers had posted 6.5m encrypted passwords online. And it seems that not a month goes by without a story about cyber terrorism, with one wave seeing everything from Wall Street banks to upstate New York dams targeted, by hackers believed by US authorities to be linked to the government of the Islamic Republic of Iran.
If you believe the insurance vendors, the European market is not far behind. Last year, Beazley launched a cyber consortium with fellow Lloyd's syndicates, focusing on selling cover for data breaches to ex-US companies with revenues above $5bn (£3.4bn).
But the wise bods on the Lloyd's market still have work to do in exploring all the risks of this market, within and beyond the risk of data breach. "The market needs to develop appropriate tools to analyse systemic risks, such as advanced modelling techniques, as well as a common lexicon for quantifying risk," says Mr Trueman. The market's talent pool also needs expanding, he adds.
With Sophos, it is worth noting that the Americas is its second-largest division to Europe, Middle East and Africa, despite the maturity of the US market. European businesses understand the value of data security, and increasingly understand the value of cyber insurance, too. How about using a targeted exchange traded fund? As my personal finance colleague Kate Beioley has written, there are real risks in following the fad and piling into a basket of highly specialised securities. But for the stock-picker looking for exposure to a growing market, you don't need to be sophos or a sophi to see potential in cyber defence.
