Connect with us

Hi, what are you looking for?


Cyber Insurance

Study Shows Costs of Cyber Incidents From Insurer’s Perspective

Cyber risk assessment and data breach services company NetDiligence published a new study on Monday focusing on the costs incurred by insurance underwriters due to cyber incidents.

Cyber risk assessment and data breach services company NetDiligence published a new study on Monday focusing on the costs incurred by insurance underwriters due to cyber incidents.

The fourth annual Cyber Claims Study has been sponsored by AllClear ID, McGladrey and ICSA Labs, and it’s based on the sampling of 117 data breach insurance claims. The focus is on 111 of these cases in which sensitive personal data was exposed.

The report shows that in 2013 payouts ranged between $600 and $6.5 million, but typical claims ranged from $30,000 to $400,000. The average claim payout was $733,109.

The financial services and the healthcare industries were the most affected, accounting for a total of 44% of the claims. However, these sectors accounted for only 4% of the total number of records exposed. The report puts the entertainment sector (52% of exposed records) and the technology sector (39% of exposed records) at the top of the chart.

The average claim payout in the healthcare sector was $1.3 million. In the case of the entertainment ($1.4 million), media ($1.1 million), retail ($1.1 million) and technology ($700,000) sectors, high payouts were the result of major cyberattacks, NetDiligence said.

RelatedThe Hidden Strategic Advantage in Cyber Insurance

The average number of records lost was 2.4 million, with the average cost per record calculated at $956.21. When it comes to causes of loss, hackers accounted for most claims (29%), followed by staff mistakes (13%), malware (11%), and rogue employees (11%).

The costs incurred by underwriters are for legal matters, such as class action lawsuit defense and settlement; crisis services, such as notification, legal counsel and forensics; fines for PCI violations; and regulatory costs that include defense and settlement.

Advertisement. Scroll to continue reading.

In the case of crisis services, the average cost was $366,484, while for legal defense it was $698,797.  The average cost for legal settlement was $558,520, the report shows.

Judging by the size of affected organizations, micro-revenue organizations accounted for 33% of claims, followed by nano-revenue organizations (30% of claims), mid-revenue organizations (12% of claims), and large-revenue organizations (4% of claims). However, NetDiligence has pointed out that the cases covered by the study represent only 5-10% of the total number of claims handled in 2013 by all markets.

“The reputational and financial impacts to small and middle market companies can be more damaging than the Fortune 500 organizations we have read about in the media, since many do not have the resources to address security and privacy issues themselves,” said Andy Obuchowski, security and privacy director at McGladrey. “The data points contained in this report provide insight into the costs associated with data breach incidents and the value of understanding related risks. This study can help further educate the market on potential risks and associated damages and promote more proactive efforts to help protect organizations in today’s environment.”

The large number of data breaches has made many organizations consider adopting cyber insurance. However, a study published last month shows that most brokers have not seen a significant increase in sales, despite the heightened interest from executives and boards.

 The complete Cyber Claims Study (PDF) from NetDiligence is available online.

Related: The Hidden Strategic Advantage in Cyber Insurance

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights