Security Experts:

Connect with us

Hi, what are you looking for?


Cyber Insurance

Study Shows Costs of Cyber Incidents From Insurer’s Perspective

Cyber risk assessment and data breach services company NetDiligence published a new study on Monday focusing on the costs incurred by insurance underwriters due to cyber incidents.

Cyber risk assessment and data breach services company NetDiligence published a new study on Monday focusing on the costs incurred by insurance underwriters due to cyber incidents.

The fourth annual Cyber Claims Study has been sponsored by AllClear ID, McGladrey and ICSA Labs, and it’s based on the sampling of 117 data breach insurance claims. The focus is on 111 of these cases in which sensitive personal data was exposed.

The report shows that in 2013 payouts ranged between $600 and $6.5 million, but typical claims ranged from $30,000 to $400,000. The average claim payout was $733,109.

The financial services and the healthcare industries were the most affected, accounting for a total of 44% of the claims. However, these sectors accounted for only 4% of the total number of records exposed. The report puts the entertainment sector (52% of exposed records) and the technology sector (39% of exposed records) at the top of the chart.

The average claim payout in the healthcare sector was $1.3 million. In the case of the entertainment ($1.4 million), media ($1.1 million), retail ($1.1 million) and technology ($700,000) sectors, high payouts were the result of major cyberattacks, NetDiligence said.

RelatedThe Hidden Strategic Advantage in Cyber Insurance

The average number of records lost was 2.4 million, with the average cost per record calculated at $956.21. When it comes to causes of loss, hackers accounted for most claims (29%), followed by staff mistakes (13%), malware (11%), and rogue employees (11%).

The costs incurred by underwriters are for legal matters, such as class action lawsuit defense and settlement; crisis services, such as notification, legal counsel and forensics; fines for PCI violations; and regulatory costs that include defense and settlement.

In the case of crisis services, the average cost was $366,484, while for legal defense it was $698,797.  The average cost for legal settlement was $558,520, the report shows.

Judging by the size of affected organizations, micro-revenue organizations accounted for 33% of claims, followed by nano-revenue organizations (30% of claims), mid-revenue organizations (12% of claims), and large-revenue organizations (4% of claims). However, NetDiligence has pointed out that the cases covered by the study represent only 5-10% of the total number of claims handled in 2013 by all markets.

“The reputational and financial impacts to small and middle market companies can be more damaging than the Fortune 500 organizations we have read about in the media, since many do not have the resources to address security and privacy issues themselves,” said Andy Obuchowski, security and privacy director at McGladrey. “The data points contained in this report provide insight into the costs associated with data breach incidents and the value of understanding related risks. This study can help further educate the market on potential risks and associated damages and promote more proactive efforts to help protect organizations in today’s environment.”

The large number of data breaches has made many organizations consider adopting cyber insurance. However, a study published last month shows that most brokers have not seen a significant increase in sales, despite the heightened interest from executives and boards.

 The complete Cyber Claims Study (PDF) from NetDiligence is available online.

Related: The Hidden Strategic Advantage in Cyber Insurance

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.


More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem