Report

The cost of a data breach: 2022 NetDiligence® Cyber Claims Study

Do you know the true costs of a data breach?

Oct 05, 2022

Understanding the ongoing cybersecurity threats to the middle market

As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM US LLP is a proud sponsor of the 12th annual NetDiligence® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.

This year’s report features an analysis of almost 7,500 claims arising from events that occurred between 2017 and 2021. Ransomware and business email compromises are the two leading causes of loss in the NetDiligence survey, accounting for 44% of all claims during the full five years of data and nearly 50% from just 2020-21.

This year’s study has made it apparent that the cost of a cybersecurity incident can vary depending on the incident response and resiliency plans a company has in place. If the organization has a strong resiliency plan, business interruption and recovery costs could potentially be mitigated, and the overall cost and impact to the business could be reduced.
Tauseef Ghazi, RSM National Leader, Security and Privacy Services, RSM US LLP

Almost all the claims in the survey (98%) were from small to medium enterprises with less than $2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 51% of the total incident cost in the report. However, the study shows no clear correlation between company size and the cost of a breach. Smaller organizations experienced large losses as well, with perhaps more of an impact than at larger companies.

Escalating recovery expenses are a reminder of the importance of establishing a resilient cybersecurity environment. Recovery costs have been steadily increasing since 2017, with total incident expenses rising since 2018. In fact, over the last five years, claims with recovery expenses were about 60% higher, and in 2021, incident costs were over 300% higher when recovery expenses were incurred. So not only does an incident cost the business, but significant recovery costs must also be considered in many instances.

Download the report

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.