Customers of David Jones and Kmart were left exposed last week after hackers stole private email addresses, home addresses and phone numbers.

It follows several high profile attacks in the United States, on extra-marital affair website Ashley Madison, investment bank JP Morgan, Sony and Target.

The cyber intelligence agency, the Australian Signals Directorate, said attacks on business and government increased by 20 per cent last year to over 11,000.

Now fearing the worst, an increasing number of companies are taking out cyber insurance.

"Cyber insurance is probably the fastest growing insurance in the world," said Allianz's Roger Smith.

Lax cyber security can cost companies dearly - they risk fines of up to $1.7 million for breaches of privacy.

Insurance covers the fines, business shutdown costs and even cyber ransom where hackers blackmail companies.

It can cost from $1,000 up to hundreds of thousands, depending on the size of the company and its vulnerabilities.

There are currently 15 providers offering cyber insurance in Australia.

While the damage can be huge, the perpetrators can be small-time.

"The players are quite diverse, they range from hostile governments through to organised crime, activists and even down to 15-year-old boys in their bedroom with their laptops," said Mr Smith.

"Their motivations can be quite broad as well, from seeking financial gains to drawing attention to a specific cause."

David Jones and Kmart volunteered information about the breaches to the Privacy Commissioner and customers, but many businesses do not.

However, new laws set to be introduced early next year will make it mandatory to report cyber attacks.

Susan Elias from insurance broker Marsh said the laws are causing firms to reassess their cyber risk.

She has seen double the inquiries for cyber insurance in the past year.

"We are seeing an increase in interest from a number of different clients across the spectrum, large organisation, non-profits, small to medium clients," she said.

Hackers are now frequently targeting small business with less sophisticated IT security and using them to access larger businesses further along the supply chain.

McCabes is a bustling Sydney law firm and, concerned about client confidentiality, it has taken out cyber insurance.

Principal Jimmy Gill said, in a worst case scenario, an attack could debilitate the firm.

"You'd be looking at loss of revenue through business disruption, the theft of confidentiality - which would impact not only our firm but our clients - and the loss of reputation," he explained.

"I think boards of directors are quite aware now that this is not an IT issue it's an operational issue of the board to take into consideration," said Susan Elias.

"If things do go wrong and they haven't addressed their cyber security resilience they could end up being sued or disqualified and the buck would stop with them."

In the most recent case, the buck is stopping with David Jones and Kmart

While the Australian Federal Police investigate the high profile hacking, the retailers so far have not disclosed if they have cyber insurance.