NetDiligence: Cyber Claims Continue to be Costly

October 19, 2016

The average cyber breach claim for a large company was almost $6 million, according to the findings released by NetDiligence in its latest study on cyber claim costs.

The sixth annual study of cyber claim payouts by the cyber risk assessment and data breach services company, offers analysis of actual losses for data breach events covered by leading cyber liability insurance carriers.

While large companies continue to be targeted, the majority of claims submitted for analysis were for organizations with less than $2 billion in revenues.

Even breaches involving few records can be costly, according to the report. A reported event involved just one breached record but it cost $1.5-$2 million.

This year’s report summarizes NetDiligence’s findings for a sampling of 176 cyber liability insurance claims, 163 of which involved the exposure of sensitive data. The study examines the type of data exposed, the cause of loss, the business sector in which the incident occurred and the size of the affected organization. The study includes analyses on claims due to third-party breaches and claims due to insider involvement, both accidental and malicious. This year’s study also includes new analyses on cloud involvement, cyber extortion/ransomware, phishing and POS-related claims.

The primary focus of the study is the costs incurred by underwriters due to cyber claim events, including Crisis Services (forensics, notification, credit/ID monitoring and legal counsel/Breach Coach), Legal (class action lawsuit defense and settlement), Regulatory (defense and settlement) and PCI (fines).

This year’s study finds the average total breach cost was $665,000, with an average payout for Crisis Services of $357,000. The average claim in the Financial Services sector was $1.3 million, while the average claim in the Healthcare sector was $726,000. Breach costs ranged from $290 to $15 million, according to the report.

Average legal defense costs was $130,000 and the average cost for legal settlement was $815,000.

Insider involvement was noted in 30 percent of the claims submitted.

“As an independent and trusted partner to the cyber liability insurance industry, NetDiligence is uniquely positioned to combine data from multiple insurers so that the pool of claims is large enough to ascertain real costs, project future trends and better educate concerned Risk Managers and CFOs,” said Mark Greisiger, president of NetDiligence. “We are honored that our cyber liability insurance carrier and broker partners share a sampling of their loss data with NetDiligence. Without them, the valuable insights this educational study provides would not be possible.”

The report is available at:

Source: NetDiligence

Was this article valuable?

Here are more articles you may enjoy.