Mon. Apr 15th, 2024

Content Assessment: NetDiligence Cyber Claims Study Offers Stark Insights into SME Vulnerabilities



A short assessment of the qualitative benefit of the recent announcement from NetDiligence of its 13th Annual Cyber Claims Study providing unprecedented insights into the rising tide of cyber risks.

Editor’s Note: In an era where cyber risks are becoming increasingly complex and financially draining, NetDiligence’s 13th annual Cyber Claims Study stands as a welcome resource and trusted benchmark for cybersecurity, information governance, and eDiscovery professionals. The report, released on October 10, 2023, examines more than 9,000 cyber insurance claims across seven revenue groups and 18 diverse business sectors. Sponsored by industry leaders like RSM, Experian, Bitsight, and Constangy, Brooks, Smith & Prophete, LLP, the study sheds light on the rising financial toll of cyber incidents, particularly on small to medium enterprises (SMEs).

Industry Report Summary

Cyber Claims Study 2023 Report (NetDiligence)

ComplexDiscovery Staff

Cyber risk readiness leader NetDiligence announced on Tuesday, October 10, 2023, the release of its annual Cyber Claims Study, revealing unparalleled insights into the financial repercussions of cyber incidents. Covering claims filed between 2018 and 2022, the study showcases an exhaustive categorization of data related to cyber risks and their financial impact.

Deciphering the Numbers

The report analyzes more than 9,000 claims, 800 of which were filed in 2022 alone. These claims ranged from sub-$1,000 to jaw-dropping amounts exceeding $400 million, providing a broad spectrum for interpretation and inference.

SMEs Bearing the Brunt

A major focal point of this year’s study is the disproportionate financial challenges faced by SMEs. While the average cost of cyber incidents decreased slightly for SMEs, the average ransom demand skyrocketed from $514,000 in 2021 to $555,000 in 2022. A worrying 95% of cyber insurance claims from SMEs were due to criminal activity, a statistic that has seen a steady uptick since 2018.

The Struggles of Larger Entities

Large corporations were not exempt from the study’s spotlight. They incurred a substantial average incident cost of $13.8 million across a myriad of incident types, demonstrating that the scope and impact of cyber risks are agnostic to company size.

Digging Deeper

The data is organized into over 20 categories, including crisis management, legal expenditures, and business interruption, among others. This enables a comprehensive understanding of various facets of cyber risks and creates a pathway for businesses to effectively strategize their cyber risk mitigation plans. Key data points from the study include:

  • The study analyzed 9,028 cyber insurance claims for incidents occurring between 2018-2022.
  • 98% of claims (7,768) were from small to medium enterprises (SMEs) with less than $2 billion in annual revenue. These accounted for 46% of total incident costs.
  • 2% of claims (136) were from large companies with over $2 billion in revenue. These accounted for 54% of total incident costs.
  • The average annual revenue for SMEs was $94 million. For large companies, it was $13.3 billion.
  • Ransomware was the leading cause of loss for SMEs, accounting for 33% of claims. The average ransom payment in 2022 was $555,000.
  • Business email compromise (BEC) was the second leading cause of loss, accounting for 19% of SME claims.
  • For SMEs, the average total cost of a cyber incident was $175,000. The average cost was much higher for incidents involving business interruption or ransomware.
  • 254 SME claims were over $1 million. The two largest were over $100 million each.
  • The average crisis services cost for SMEs was $103,000, which was 51% of total incident costs on average.
  • 611 claims reported the number of records exposed, totaling over 1 billion records. There was no correlation between number of records and total incident cost.
  • Professional services, healthcare, manufacturing, financial services, and retail accounted for 57% of SME claims and 60% of total SME incident costs.

Urgent Call for Action

Mark Greisiger, President of NetDiligence, provided crucial commentary on the study’s findings. “We want to thank our cyber insurance partners, whose participation in the study allows us to offer these insights,” Greisiger remarked. He further stated, “It is genuinely eye-opening to witness the profound financial ramifications of cyberattacks on SMEs. This year’s report reveals over 500 cyber claims from SMEs that exceeded $500,000 in total costs, with business interruption alone averaging $370,000.” Greisiger went on to emphasize the actionable implications of the study: “These trends underscore the urgent need for organizations of all sizes to proactively establish comprehensive incident response plans and other baseline security measures to mitigate both the financial and operational repercussions of data breaches and cyberattacks.”

NetDiligence’s latest study serves as a critical wake-up call and a valuable resource for businesses looking to fortify their cyber risk management frameworks. As cyber threats continue to evolve, this study offers a comprehensive benchmark for understanding the current landscape and preparing for the challenges that lie ahead.

Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.