The cost of a data breach: 2022 NetDiligence® Cyber Claims Study

Understanding the ongoing cybersecurity threats to the middle market

As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM US LLP is a proud sponsor of the 12th annual NetDiligence^® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.

This year’s report features an analysis of almost 7,500 claims arising from events that occurred between 2017 and 2021. Ransomware and business email compromises are the two leading causes of loss in the NetDiligence survey, accounting for 44% of all claims during the full five years of data and nearly 50% from just 2020-21.

Almost all the claims in the survey (98%) were from small to medium enterprises with less than $2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 51% of the total incident cost in the report. However, the study shows no clear correlation between company size and the cost of a breach. Smaller organizations experienced large losses as well, with perhaps more of an impact than at larger companies.

Escalating recovery expenses are a reminder of the importance of establishing a resilient cybersecurity environment. Recovery costs have been steadily increasing since 2017, with total incident expenses rising since 2018. In fact, over the last five years, claims with recovery expenses were about 60% higher, and in 2021, incident costs were over 300% higher when recovery expenses were incurred. So not only does an incident cost the business, but significant recovery costs must also be considered in many instances.