For example, if business is interrupted at a securities trading house due to a network outage caused by a security breach, Tse said a claim could be made against the cyber insurance coverage for business lost from the interruption. But the policy may not cover business lost from account-cancellations caused by reputational damage from the security breach.

"If the firm had $1 million monthly revenue from its online trading platform, the claim would be based on the lost revenue in transactions and volume [directly] caused by the network outage," she said.

In addition to banks and financial sectors, Tse also suggested healthcare organizations consider cyber insurance. She posited a scenario where a clinic loses patient data in a security breach and one of those patients is a director of a listed company. Such information is sensitive data that may cause share prices to fluctuate.

"When business is lost due to the leakage of such data, should the clinic be liable?" she said. "There are still a lot of uncertainties, therefore I suggest organizations consider having a [cyber insurance] policy," she said.