Cyber Breach Higher in Financial Services Sector
A new report from NetDiligence has found that an aggregated total breach of cyber even cost is US$394,000, which an average company’s loss could be around US$3.2 million
NetDiligence, a provider of Cyber Risk readiness and response services, outlined the figures in its seventh annual 2017 Cyber Claims Study, released earlier this week. The study calculates actual losses for data breach events covered by cyber liability insurance carriers.
NetDiligence in a press release detailed how this years study contrasts and compared it with the claim of data breach over the last 4 years. The study published about the loss in 2014-2015, and compared it with the data collected against 354 claims of data loss. Out of 2411 submission each summarized about the data breach and insurance claims. Nearly 582 cases were claims from American organizations, while the two from Canadian companies. This followed by two cases from Australia and four from the United Kingdom.
The study found that the aggregated average total breach cost was US$394,000, with an aggregated average payout for “crisis services” of US$249,000, the release said. The average claim in the financial services sector was US$588,000, while the average claim in the healthcare sector was US$537,000. For large companies (revenues greater than US$2 billion), the average breach cost was US$3.2 million, with the largest regulatory claim upwards of US$6 million.
“As an independent and trusted partner to the cyber insurance industry, NetDiligence is uniquely positioned to consolidate claims data from multiple insurers into an information repository that risk managers, company executives and insurance underwriters can use to solve real-world problems,” Mark Greisiger, president of NetDiligence, said in the release.
Other survey findings include:
- The retail sector exposed 67% (420 million) of the number of records in the total dataset;
- Companies with less than US$50 million in revenue were the most impacted, accounting for 47% of the claims;
- Cyber event recovery expense was reported as high as US$475,000;
- The gaming and casino sector incurred the highest forensics costs, averaging US$345,000, as well as the highest median breach cost of US$190,000;
- Healthcare claims for notification were the highest at US$695,000;
- Ransomware/cyber extortion affected every sector, with maximum breach costs in excess of US$500,000;
- Breach costs were 20% higher when there was cloud involvement;
- Payment card industry data was exposed in 16% of claims, but accounted for 67% of records. Personal health information data represented 15% of claims and 17% of exposed records, while personally identifiable information accounted for 36% of claims, but only 16% of exposed records; and
- Maliciously motivated insider events resulted in more expensive claims by a factor of four.
The survey noted that the numbers in the report are empirical as they were supplied directly by the “underwriters who paid the claims.” The study added that it is also important to note that many of the claims submitted for the study remain “open,” therefore aggregate costs as presented represent “’payouts-to-date’ and ‘breach costs to-date.’ It is virtually certain that additional payouts will be made on a significant portion of the claims in our dataset and therefore the costs in this study are almost certainly understated.”