We illustrate the existence of a “nondiversification trap” (Ibragimov, Jaffee, and Walden,2009) when portfolios of cyber risk are constructed. Portfolio diversification thus does not decrease risk, but rather increases risk. Our results help to explain the current state of cyber insurance market, which is far behind the expected market volume. Many insurance companies are reluctant to offer cyber insurance on a broad scale, because (among other reasons) they anticipate the unfavorable diversification properties. We also discuss potential ways to overcome the nondiversification trap.