NetDiligence®, a leader in cyber risk readiness and response solutions, is proud to announce the release of its highly anticipated thirteenth annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM, Experian, Bitsight, and Constangy, Brooks, Smith & Prophete, LLP.
Click here to download the full report.
This year’s study analyzes 9,000 claims spanning the period from 2018 to 2022, with 800 claims from 2022 alone. These claims span a broad financial spectrum, from under $1,000 to more than $400 million in costs, involving organizations across seven revenue groups, 18 diverse business sectors, 25 causes of loss, and 13 types of compromised data.
The data has been aggregated in over 20 different ways, including crisis, legal, business interruption, recovery, and total incident costs; the nature of the event, type of data exposed, business sectors affected, revenue size of claimants, and causes of loss, including the impact of ransomware.
Findings in this report are presented separately for small to medium enterprises (SMEs) and large companies. This year’s analysis spotlights the escalating financial challenges faced by SMEs in the wake of modern day cyberattacks.
While the average cost of cyber incidents for SMEs showed a slight dip from 2021 to 2022, the average ransom demand for SMEs increased from $514,000 to $555,000 during the same period. Large companies, on the other hand, experienced a significant average incident cost of $13.8 million across all incident types.
In 2022, criminal activity accounted for a staggering 95% of cyber insurance claims from SMEs–a figure that has been steadily on the rise since 2018. The average costs incurred by SMEs for claims stemming from non-criminal activity more than tripled, increasing from $177,000 in 2021 to $433,000 in 2022.
Mark Greisiger, president of NetDiligence, remarked, “We want to thank our cyber insurance partners, whose participation in the study allows us to offer these insights. It is genuinely eye-opening to witness the profound financial ramifications of cyberattacks on SMEs. This year’s report reveals over 500 cyber claims from SMEs that exceeded $500,000 in total costs, with business interruption alone averaging $370,000. Organizations are often inadequately prepared to weather the potential financial storm brought about by cyber incidents.”
Greisiger went on to explain, “These trends underscore the urgent need for organizations of all sizes to proactively establish comprehensive incident response plans and other baseline security measures to mitigate both the financial and operational repercussions of data breaches and cyberattacks.”
NetDiligence’s new Cyber Claims Study offers a unique and sobering look into the evolving landscape of cyber risks, providing critical insights and intelligence for organizations navigating this challenging terrain.