Content Assessment: Cost and Loss? The 2022 NetDiligence Cyber Claims Study
Information - 94%
Insight - 94%
Relevance - 90%
Objectivity - 95%
Authority - 94%
A short percentage-based assessment of the qualitative benefit of the recently released Cyber Claims Study from NetDiligence.
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: NetDiligence® specializes in Cyber Risk Readiness & Response services and is an award-winning provider of innovative cyber risk management software and services to the insurance industry. Recently NetDiligence published its twelfth annual Cyber Claims Study. This report includes incidents that occurred during the five-year period 2017–2021 and includes a total of 7,439 analyzed claims. The new report may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand and address cybersecurity threats.
Media Release Extract*
NetDiligence Publishes Twelfth Annual Cyber Claims Study
Data-Driven Analysis of Cyber Claims Payouts
NetDiligence®, a leading provider of cyber risk readiness and response services, announced today [October 3, 2022] it has published its twelfth annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM, Experian, Guidewire, and The Beckage Firm.
Click here to download the full report.
This year’s report features analysis of almost 7,500 claims from events that occurred during 2017–2021, including over 1,000 claims analyzed from incidents that occurred in 2021. The data from these claims has been aggregated in over 20 ways, including crisis, legal, business interruption, recovery, and total incident costs; the nature of the event, type of data exposed, business sectors affected, revenue size of claimants, and causes of loss, especially the growing impact of ransomware.
Findings are presented separately for small to medium enterprises (SMEs) and large companies. In this report, the average revenue for SMEs was approximately $88M, while the average revenue for large companies was $13.5B.
In this year’s study, ransomware was once again the number one cause of loss for SMEs and the costs associated with a ransomware event were again higher – the 5-year average ransom climbed to $262K; the 5-year average cost of a ransomware incident rose to $455K. The average incident cost for large companies (across all types of incidents) was $12.8M.
“For the third year in a row, ransomware is the leading cause of loss for SMEs,” said Mark Greisiger, President of NetDiligence. “Furthermore, the overall business interruption cost of a ransomware incident has significantly grown over that time period. The average costs for a ransomware incident in 2021 were almost double the 5-year average costs.”
“It is a crucial time for SMEs to protect themselves by implementing preventative measures such as multi-factor authentication (MFA) and Endpoint Detection and Response (EDR),” Greisiger adds. “Equally important, we have learned from the cyber insurance community that all sectors must be vigilant about putting an actionable incident response plan in place with hotlines to the insurance carriers’ preferred Breach Coach® and other incident response experts. Ransomware, along with business email compromise (BEC), will likely remain the primary cyber threats. However, we have seen first-hand that when organizations have the tools and planning in place to respond quickly and efficiently, they can minimize both the cost and the disruption to their businesses.”
Study findings will be presented at the NetDiligence Cyber Risk Summit in Santa Monica, California on Tuesday, October 11, 2022. More in-depth coverage of findings, along with front-line insights from sponsors, can be found inside your cyber insurer’s eRiskHub portal.
2022 NetDiligence Cyber Claims Study Report 2022 - InfoGraphic
*Shared with explicit permission.
- [Annual Update] International Cyber Law in Practice: Interactive Toolkit
- Defining Cyber Discovery? A Definition and Framework
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.