This month NetDiligence a leading provider of cybersecurity solutions and information released its 9th annual Cyber Claims Study, which is considered the gold standard of evidence-based information relating to actual losses for data breaches.
The study breaks down the costs associated with data breaches, using findings from cybersecurtiy liability insurance claims, and is the only study where claims data from multiple cyber insurers is aggregated and analyzed. It examines cost by the type of data exposed, the cause of loss, the business sector in which the incident occurred, and the size of the affected organization. This year there were 1,100 new claims, more than double the number submitted last year.
- Large Companies Records Exposed: average = 19.6 M, median = 48K
- Large Companies Per-Record Cost: average = $296, median = $15
- SME Companies Records Exposed: average = 280/K median = 600
- SME Per-Record Cost: average = $234, median = $60
- SMEs: 96% (Size by Revenue, average $118M – median, $33M)
- Large Companies (Size by Revenue, average $5.08B – median, $2.6B)
SME Overall Costs
- Breach, $178K average, median $48K
- Crisis Services, $3.8M average, median $386K
- Legal, $181K average, median $20K
Large Companies Overall Costs
- Breach, $5.8M average, median $1.0M
- Crisis Services, $178K average, median $48K
- Legal, $2.2M average, median $604K
SMEs Notifications Costs
- Approximately 17% of claims reported notification costs.
- The average and median notification costs were $75K and $8K. The largest claim for notification costs ($5.5M).
Large Companies Notifications Costs
- Approximately 28% of claims included notification costs.
- The average and median notification costs were $2.4M and $131K. The largest claim for notification costs occurred in 2017 ($23M)
SMEs Business Sectors (Top 4)
- Professional Services
- Financial Services
Large Companies Business Sectors (Top 4)
- Financial Services
SMEs Cause of Loss (top 4)
- Social Engineering
- Business Email Compromise (BEC)
Large Companies Cause of Loss (top 4)
- Third-Party Legal Actions
- Rogue Employees
If interested in reading the complete 2019 Cyber Claims Study, it can be downloaded at https://netdiligence.com/portfolio/cyber-claims-study/