The Australian Signals Directorate says cyber attacks on business and government increased by 20 per cent last year, and it appears firms are moving quickly to protect themselves.

Reports say more and more are taking out cyber insurance.

It is clearly a good idea, as failures in cyber security can cost companies dearly, putting them at risk fines of up to $1.7 million for breaches of privacy for a start

Cyber insurance covers fines, business shutdown costs and even ransom or blackmail, where hackers extort money from companies with the threat of releasing their databases.

Roger Smith from Australian insurance provider Allianz says the damage can be huge, but the perpetrators are often small-time.

“The players are quite diverse, they range from hostile governments through to organised crime, activists and even down to 15-year-old boys in their bedroom with their laptops,” Mr Smith told the ABC.

“Their motivations can be quite broad as well, from seeking financial gains to drawing attention to a specific cause.”

New laws on the way next year will make it mandatory to report cyber attacks.

Customers of David Jones and Kmart had their private email addresses, home addresses and phone numbers stolen last week.

While the two retail giants volunteered information about the breaches to the Privacy Commissioner and customers, a lot of businesses do not.

The Australian Federal Police are investigating the high profile hacking, but ultimately the buck is stops with David Jones and Kmart.

The retailers will not say whether or not they had cyber insurance.