Ransomware and business email compromise accounted for 46% of claims from 2018–2022.
High Contrast
Ransomware and business email compromise accounted for 46% of claims from 2018–2022.
Ninety-eight percent of claims in the survey were from small to medium enterprises.
Claims with recovery costs were about 60% higher from 2018–2022 and over 300% higher in 2022.
As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM US LLP is a proud sponsor of the 13th annual NetDiligence® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.
This year’s report features an analysis of almost 9,000 claims arising from events that occurred between 2018 and 2022. Ransomware and business email compromises are the two leading causes of loss in the NetDiligence survey, accounting for 46% of all claims during the five-year period from 2018–2022 and nearly 56% in 2022.
Insider threats have been an ongoing issue for many years. In recent months we have seen postings on the dark web for a “malicious” employee who could be hired with the end purpose of infiltrating and stealing confidential information from a company.
Almost all the claims in the survey (98%) were from small to medium enterprises with less than $2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 54% of the total incident cost in the report. However, the study shows no clear correlation between company size and the cost of a breach. Smaller organizations experienced large losses as well, with perhaps more of an impact than at larger companies.
Escalating recovery expenses is a reminder of the importance of establishing a resilient cybersecurity environment. In fact, over the last five years, claims with recovery expenses were about 60% higher, and in 2022, incident costs were over 300% higher when recovery expenses were incurred. So not only does an incident cost the business, but significant recovery costs must also be considered in many instances.