PHILADELPHIA—Underwriters' information needs and internal company politics can make purchasing cyber risk insurance a challenging process, but it's becoming necessary as the frequency of data breaches increases, risk managers and industry experts say.

Speaking this month at the NetDiligence Cyber Risk & Privacy Liability Forum in Philadelphia, Lee Garvin, director of risk management at JetBlue Airways Corp. in Forest Hills, N.Y., said in purchasing cyber risk coverage, “The initial process is painful.” But “the renewals have become a lot easier” and “the marketplace has matured a ton in the past five years,” he said.

“There's politics involved in this stuff,” Mr. Garvin said. “You've got to be very careful that you're not vilifying (the information technology department) as, ‘You guys have these holes all over the place.'”

“I don't think anything was a waste of time,” Renee Yozzi, risk manager at Horizon Blue Cross Blue Shield of New Jersey in Newark and another risk manager panelist, said of the process of purchasing the company's first cyber risk policy. A buyer always learns through the process, she said, noting that the company's brokers brought value through their analysis of various coverage options. “It made it very clear what we had to focus on,” she said.

The buy-in of her company's chief information officer “had a big impact,” Ms. Yozzi said, adding that “if I had to go through it again, maybe I would form a team and have all the major areas involved.”

As companies go through the process of purchasing cyber risk coverage, Ms. Yozzi said brokers can assist buyers seeking executive support by providing claim information, technical resources, information on emerging risks such as social media and “anything that can be put in an easier format for us to pass along or transfer.”

It's also important to highlight what's not covered in the policies, she said, because sometimes top executives might assume the company has coverage that isn't there.

That information should be concise, however, Mr. Garvin said. “The C-suite really doesn't want to hear from the risk manager,” he said. “So anything more than a one- or two-page (document) is going to be a problem.”

He added that it's important for underwriters to ask their questions to risk managers early in the process because it can take time to get the answers.

Ms. Yozzi said recent well-publicized data breaches have begun to raise awareness of the need for cyber risk coverage at many organizations.

“I think it's been a humbling experience for everyone,” she said. “I'm not sure what CIO would want to put themselves out there anymore and say, ‘We're invincible.'”