United States

The real cost of a data breach

Insights on the latest cyber risks and associated damages


Download the full report

For businesses to successfully navigate today's cyber-threats and effectively respond to data security events, understanding the costs associated with a data breach is critical. Incidents at Fortune 500 organizations get significant media coverage, but the reputational and financial impact to small and middle market companies can be even more damaging.

RSM US LLP is a proud sponsor of the ninth annual 2019 NetDiligence® Cyber Claims Study, which provides greater insight into data breaches and associated damages.This year's report features analysis of 2,081 claims arising from events that occurred between 2014 and 2018. The data from these claims has been aggregated in over 20 ways, including types and amounts of losses, incident causes, types of data exposed, business sectors affected, revenue size of claimants, and the financial impact of cybercrimes (business interruption, malicious insiders, social engineering, ransomware). 

To present more accurate pictures of the business impact of cyber events on smaller versus larger organizations, this year’s report presents findings for small to medium enterprises (SMEs) separately from findings for large companies. For the purposes of this report, SMEs are defined as organizations with less than $2B in annual revenue, while large companies are defined as organizations with $2B or more in annual revenue. Analysis finds that the average cost of a breach for SMEs was $178K, whereas the average cost of a breach for large companies was $5.6M.

“For several years in a row the focus of attackers has shifted to SMEs, and this year’s data does nothing to change the trend,” said RSM principal Daimon Geopfert. “Attackers are focusing on small and mid-sized business almost to the exclusion of all others. Data breaches within large companies carry the headlines while ransomware and email compromise within SMEs carries the majority of the cost.” 

Additional key study findings include:

  • The number of claims involving breaches from ransomware has increased dramatically since the studys inception with 7 claims in 2014 and 151 in 2018.
  • Social engineering, ransomware, hackers, and malware/viruses were the leading cause of loss in this year's report.
  • One of the clearest trends in the data is the increasing percentage of claims caused by criminal activity. This percentage has increased from 72% in 2014 to 86% in 2017 and 2018.  
  • Events that exposed personally identifiable information (PII), protected health information (PHI), and payment card industry (PCI) data decreased while events such as ransomware and network outages impacting critical files have increased.

For more information on the survey, download the study. To gain insights into protecting your organization against breaches and review the 5 steps to managing cyberrisks.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more