Cyber insurance ‘should be norm within 10 years’