This paper discusses the adequacy of insurance for managing cyber risk. To this end, we extract 994 cases of cyber losses from an operational risk database and analyse their statistical properties. Based on the empirical results and recent literature, we investigate the insurability of cyber risk by systematically reviewing the set of criteria introduced by Berliner (1982). Our findings emphasise the distinct characteristics of cyber risks compared with other operational risks and bring to light significant problems resulting from highly interrelated losses, lack of data and severe information asymmetries. These problems hinder the development of a sustainable cyber insurance market. We finish by discussing how cyber risk exposure may be better managed and make several suggestions for future research.