The real cost of a data breach

Insights on the latest cyber risks and associated damages


For businesses to successfully navigate today's cyber-threats and effectively respond to data security events, understanding the costs associated with a data breach is critical. Incidents at Fortune 500 organizations get significant media coverage, but the reputational and financial impact on small and middle market companies can be even more damaging.

RSM US LLP is a proud sponsor of the seventh annual 2017 NetDiligence® Cyber Claims Study, which provides greater insight into data breaches and associated damages.

The survey shows that small companies are more vulnerable to breaches, with nanorevenue companies (less than $50 million) experiencing the majority of incidents (47 percent). That sector was followed by microrevenue companies ($50 million to $300 million) (23 percent) and midmarket and small-revenue companies ($50 million to $2 billion) (15.7 percent).

Health care and professional services were the most frequently breached industries, each with 18 percent of claims. Financial services and retail were also highly affected, with 13 percent and 11 percent respectively. However, retail companies exhibit a more pronounced risk, exposing 67 percent (420 million) of the records in the study’s total data set.

“Many security studies focus on the technical aspects of an incident, which is useful in helping organizations understand the ways in which a security incident can occur,” said RSM principal Daimon Geopfert. “However, these studies fail to include the robust business data necessary for organizations to actually make strategic decisions that address the motivations, targets and damages associated with a breach. This study cuts through the sound and fury of the usual cybersecurity alarms by providing the information necessary for organizations to effectively manage their cyberrisks.”

The 2017 study summarizes NetDiligence's findings from a sampling of 354 cyber claims, 343 of which involved the loss, exposure or misuse of sensitive personal data from a variety of industry sectors. It also examines the type of data exposed, the cause of loss, the industry sector in which the incident occurred and the size of the affected organization.

In addition, for the first time, the 2017 study compares findings against the 2016 survey, and also provides aggregate data from the last three years. This information provides a deeper understanding of data breach trends and how organizations can better identify and remediate specific issues.

Additional key study findings include:

  • Personally identifiable information (PII) was the most frequently exposed data (36 percent), followed by intellectual property and trademarks (25 percent), payment card information (PCI) (16 percent) and protected health information (PHI) (15 percent).
  • Hackers were the most frequent cause of loss (27 percent), followed by malware and viruses (16 percent) and lost or stolen devices (12 percent).
  • Third parties accounted for 13 percent of the claims submitted.
  • Insider involvement occurred in 25 percent of the claims submitted.
  • The average cost for crisis services (forensics, notification, credit monitoring, legal guidance) was $249,000.

For more information, download the study and the infographic to learn more about the survey, gain insights into protecting your organization against breaches, and review the 5 steps to managing cyberrisks.

