A Wells Fargo survey of 100 U.S. middle-market and large companies found that 85% have purchased cyber and data privacy insurance.
Of those that have purchased policies, 44% have filed a claim as a result of a breach.
A recent study by NetDiligence found the average claim for a large company is $4.8 million.
The rise in cyber claims filed is also driving up insurance rates. According to insurance brokerage Marsh & McLennan Co., average cyber insurance rates for retailers jumped 32% in the first half of 2015.
"The market for network security and privacy liability is definitely hardening due to the increase in claims, success of the plaintiff's bar with regard to class-actions and the increase in data privacy events overall," said Dena Cusick national practice leader with Wells Fargo Insurance's Technology, Privacy and Network Risk National Practice.
The Wells Fargo report also found many businesses that purchase cyber insurance do not have response guidelines in place, and have not mae sure employees have adequate training in security and privacy.
Experts say "high risk" companies such as retailers and health insurers may have a tough time getting coverage at all.
Even the biggest insurers will likely not write policies for more than $100 million for risky customers, said Marsh & McLennan Co. But hacks can easily cost companies more than twice that. Target said its 2013 data breach cost $264 million.