NetDiligence, a firm specializing in cyber risk readiness and response solutions, has released its thirteenth annual Cyber Claims Study, which provides insights into the real costs of data breaches and other cyber-related incidents from an insurer’s perspective. The study analyzes 9,000 claims spanning the period from 2018 to 2022, with 800 claims from 2022 alone.
Key findings of the study include:
The average cost of cyber incidents for small to medium enterprises (SMEs) showed a slight dip from 2021 to 2022, but the average ransom demand for SMEs increased from $514,000 to $555,000 during the same period. Large companies, on the other hand, experienced a significant average incident cost of $13.8 million across all incident types.
In 2022, criminal activity accounted for a staggering 95% of cyber insurance claims from SMEs, a figure that has been steadily on the rise since 2018. The average costs incurred by SMEs for claims stemming from non-criminal activity more than tripled, increasing from $177,000 in 2021 to $433,000 in 2022.
Over 500 cyber claims from SMEs exceeded $500,000 in total costs, with business interruption alone averaging $370,000.
For SMEs, the top three causes of loss were ransomware, business email compromise (BEC), and social engineering. For large companies, the top three causes of loss were ransomware, system intrusion, and errors and omissions.
The study also found that the average time to contain a ransomware attack increased from 16 days in 2021 to 21 days in 2022. This suggests that attackers are becoming more sophisticated and ransomware attacks are becoming more difficult to mitigate.
Implications for businesses:
The NetDiligence Cyber Claims Study 2023 highlights the importance of cyber risk management for businesses of all sizes. The study also emphasizes the need for businesses to have a comprehensive incident response plan in place.
Tips for businesses:
Invest in cybersecurity solutions, such as firewalls, intrusion detection systems, and anti-virus software.
Train employees on cybersecurity best practices, such as how to identify and avoid phishing emails and how to create strong passwords.
Implement a zero-trust security model, which assumes that no user or device can be trusted by default.
Have a comprehensive incident response plan in place to help you recover from a cyber attack quickly and efficiently.
Cyber insurance can also help businesses to mitigate the financial risks associated with cyber attacks. However, it is important to note that cyber insurance is not a substitute for good cyber risk management practices.