Can your firm bear the cost of a cyber attack?

20.06.2012

IT's input is crucial when it comes to deciding whether to buy cyber insurance and determining what coverage to buy, security experts say.

"Information professionals, especially information security leaders, need to step up. They need to understand that they're in charge of more than just security. They need to understand and articulate the vulnerabilities that they face in terms of risk. That's the language of the board," said Don Fergus, a US-based IT risk consultant.

An organization's risk management and legal folks understand the language of insurance riders and exclusions, but no one is better equipped to understand and articulate an organization's information security system than the people who run it.

"The CIO is on the front lines in dealing with information systems and should know about actual and potential problems," said Eric Sinrod, a partner at San Francisco-based law firm Duane Morris.

IT managers can also help produce an accurate cost-benefit analysis. "It might cost the company less to recreate the data than it would be to pay for the insurance premium," he added.