
The real cost of a data breach

Insights on the latest cyber risks and associated damages



For businesses to successfully navigate today's cyber threats and effectively respond to data security events, understanding the costs associated with a data breach is critical. Incidents at Fortune 500 organizations get significant media coverage, but the reputational and financial impact on small and middle market companies can be even more damaging.

RSM US LLP is a proud sponsor of the seventh annual 2017 NetDiligence® Cyber Claims Study, which provides greater insight into data breaches and associated damages.

The survey finds that small companies are more vulnerable to breaches, with nanorevenue companies (less than $50 million) experiencing the majority of incidents (47 percent). That sector was followed by microrevenue companies ($50 million to $300 million) (23 percent) and mid-market and small-revenue companies ($50 million to $2 billion) (15.7 percent).

Health care and professional services were the most frequently breached industries, each with 18 percent of claims. Financial services and retail were also highly affected, with 13 percent and 11 percent respectively. However, retail companies exhibit a more pronounced risk, exposing 67 percent (420 million) of the records in the study’s total data set.

“Many security studies focus on the technical aspects of an incident, which is useful in helping organizations understand the ways in which a security incident can occur,” said RSM principal Daimon Geopfert. “However, these studies fail to include the robust business data necessary for organizations to actually make strategic decisions that address the motivations, targets and damages associated with a breach. This study cuts through the sound and fury of the usual cybersecurity alarms by providing the information necessary for organizations to effectively manage their cyber risks.”

The 2017 study summarizes NetDiligence's findings from a sampling of 354 cyber claims, 343 of which involved the loss, exposure or misuse of sensitive personal data from a variety of industry sectors. It also examines the type of data exposed, the cause of loss, the industry sector in which the incident occurred and the size of the affected organization.

In addition, for the first time, the 2017 study compares findings against the 2016 survey, and also provides aggregate data from the last three years. This information provides a deeper understanding of data breach trends and how organizations can better identify and remediate specific issues.

Additional key study findings include:

  • Personally identifiable information (PII) was the most frequently exposed data (36 percent), followed by intellectual property and trademarks (25 percent), payment card information (PCI) (16 percent) and protected health information (PHI) (15 percent).
  • Hackers were the most frequent cause of loss (27 percent), followed by malware and viruses (16 percent) and lost or stolen devices (12 percent).
  • Third parties accounted for 13 percent of the claims submitted.
  • Insider involvement occurred in 25 percent of the claims submitted.
  • The average cost for crisis services (forensics, notification, credit monitoring, legal guidance) was $249,000.

For more information, download the study and the infographic, and attend the Oct. 17 webcast to learn more about the survey and gain insights into protecting your organization against breaches. You can also review 5 steps to managing cyberrisks.

