Content Assessment: NetDiligence Cyber Claims Study Offers Stark Insights into SME Vulnerabilities
A short assessment of the qualitative benefit of the recent announcement from NetDiligence of its 13th Annual Cyber Claims Study providing unprecedented insights into the rising tide of cyber risks.
Editor’s Note: In an era where cyber risks are becoming increasingly complex and financially draining, NetDiligence’s 13th annual Cyber Claims Study stands as a welcome resource and trusted benchmark for cybersecurity, information governance, and eDiscovery professionals. The report, released on October 10, 2023, examines more than 9,000 cyber insurance claims across seven revenue groups and 18 diverse business sectors. Sponsored by industry leaders like RSM, Experian, Bitsight, and Constangy, Brooks, Smith & Prophete, LLP, the study sheds light on the rising financial toll of cyber incidents, particularly on small to medium enterprises (SMEs).
Industry Report Summary
Cyber Claims Study 2023 Report (NetDiligence)
ComplexDiscovery Staff
Cyber risk readiness leader NetDiligence announced on Tuesday, October 10, 2023, the release of its annual Cyber Claims Study, revealing unparalleled insights into the financial repercussions of cyber incidents. Covering claims filed between 2018 and 2022, the study showcases an exhaustive categorization of data related to cyber risks and their financial impact.
Deciphering the Numbers
The report analyzes more than 9,000 claims, 800 of which were filed in 2022 alone. These claims ranged from sub-$1,000 to jaw-dropping amounts exceeding $400 million, providing a broad spectrum for interpretation and inference.
SMEs Bearing the Brunt
A major focal point of this year’s study is the disproportionate financial challenges faced by SMEs. While the average cost of cyber incidents decreased slightly for SMEs, the average ransom demand skyrocketed from $514,000 in 2021 to $555,000 in 2022. A worrying 95% of cyber insurance claims from SMEs were due to criminal activity, a statistic that has seen a steady uptick since 2018.
The Struggles of Larger Entities
Large corporations were not exempt from the study’s spotlight. They incurred a substantial average incident cost of $13.8 million across a myriad of incident types, demonstrating that the scope and impact of cyber risks are agnostic to company size.
Digging Deeper
The data is organized into over 20 categories, including crisis management, legal expenditures, and business interruption, among others. This enables a comprehensive understanding of various facets of cyber risks and creates a pathway for businesses to effectively strategize their cyber risk mitigation plans. Key data points from the study include:
- The study analyzed 9,028 cyber insurance claims for incidents occurring between 2018 and 2022.
- 98% of claims (7,768) were from small to medium enterprises (SMEs) with less than $2 billion in annual revenue. These accounted for 46% of total incident costs.
- 2% of claims (136) were from large companies with over $2 billion in revenue. These accounted for 54% of total incident costs.
- The average annual revenue for SMEs was $94 million. For large companies, it was $13.3 billion.
- Ransomware was the leading cause of loss for SMEs, accounting for 33% of claims. The average ransom payment in 2022 was $555,000.
- Business email compromise (BEC) was the second leading cause of loss, accounting for 19% of SME claims.
- For SMEs, the average total cost of a cyber incident was $175,000. The average cost was much higher for incidents involving business interruption or ransomware.
- 254 SME claims were over $1 million. The two largest were over $100 million each.
- The average crisis services cost for SMEs was $103,000, which was 51% of total incident costs on average.
- 611 claims reported the number of records exposed, totaling over 1 billion records. There was no correlation between number of records and total incident cost.
- Professional services, healthcare, manufacturing, financial services, and retail accounted for 57% of SME claims and 60% of total SME incident costs.
Urgent Call for Action
Mark Greisiger, President of NetDiligence, provided crucial commentary on the study’s findings. “We want to thank our cyber insurance partners, whose participation in the study allows us to offer these insights,” Greisiger remarked. He further stated, “It is genuinely eye-opening to witness the profound financial ramifications of cyberattacks on SMEs. This year’s report reveals over 500 cyber claims from SMEs that exceeded $500,000 in total costs, with business interruption alone averaging $370,000.” Greisiger went on to emphasize the actionable implications of the study: “These trends underscore the urgent need for organizations of all sizes to proactively establish comprehensive incident response plans and other baseline security measures to mitigate both the financial and operational repercussions of data breaches and cyberattacks.”
NetDiligence’s latest study serves as a critical wake-up call and a valuable resource for businesses looking to fortify their cyber risk management frameworks. As cyber threats continue to evolve, this study offers a comprehensive benchmark for understanding the current landscape and preparing for the challenges that lie ahead.
Assisted by GAI and LLM Technologies
Source: ComplexDiscovery