NetDiligence® Publishes Second Annual Study of Actual Claims Payouts
PHILADELPHIA, October 9, 2012 – NetDiligence®, a leading cyber risk assessment and data breach services company, announced today it has published its second annual Cyber Liability & Data Breach Insurance Claims – A Study of Actual Payouts for Covered Data Breaches.
“Accurate information regarding losses and claims attributable to information and technology risks remains sparse–or at least non public,” observed Robert Parisi, Managing Director, Marsh Inc. “Risk managers, and underwriters, continue to struggle in evaluating these risks given the comparative lack of statistically significant actuarial data. And often the data that is available is either conflicting and/or encumbered with assumptions that vary dramatically from one survey to the next.”
The annual NetDiligence study attempts to fill that information void. “Our objective is to help CFOs, risk management professionals and insurance underwriters understand the true impact of data insecurity,” explained Mark Greisiger, President of NetDiligence®. “Our study consolidates cyber liability insurance claims loss data from multiple P&C insurers so that the combined pool of claims is sizable enough that it allows us to ascertain real costs and project future trends.”
This year’s report summarizes NetDiligence’s findings for a sampling of 137 data breach insurance claims for incidents that occurred between 2009 and 2011 in a variety of industries, including healthcare, financial services, retail, information technology, online services, and education. Topping the list of the most frequently breached sectors were healthcare and financial services.
The company also looked at the number of records exposed and the associated crisis services costs (forensics, notification, credit monitoring and legal counsel), legal damages (defense and settlement), business interruption costs, and fines (PCI and regulatory) by the type of data exposed, what caused the loss, and which business sector suffered the incident.
In this year’s study, the average insurance cost per breach was $3.7 million, up sharply from last year’s study where the average insurance cost per breach was $2.4 million. However, a typical breach ranged from $25,000 to $200,000 in insurance costs.
“At Zurich, we appreciate the analysis this report provides to all parties interested in the protection of information,” commented John B. Graham, Professional Liability Product Manager for Security and Privacy at Zurich in North America.
The full study report has been published in the eRisk Hub® and is available exclusively to eRisk Hub members. eRisk Hub (www.eRiskHub.com) is a web-based cyber risk management portal that helps organizations prevent and recover from data breaches. A summary report is available for download at the NetDiligence website.
Findings will be presented and discussed at the NetDiligence® West Coast Cyber Risk & Privacy Liability Forum, October 11-12 in Marina del Rey, California. For more information, contact HB Litigation Conferences by phone at 484.324.2755 x212, by email at [email protected], or by visiting the conferences section of HB’s website at www.LitigationConferences.com. Press passes are available.
— # # # —
About NetDiligence®
NetDiligence® is a cyber risk assessment and data breach services company. In addition to its industry-leading eRisk Hub® portal (www.eRiskHub.com), NetDiligence provides enterprise-level cyber risk assessments for a broad variety of corporate clients, including well-known names in banking, brokerage, mortgage, insurance, clearinghouse, and other financial service sectors. NetDiligence services are used by leading insurers in the US and UK that offer cyber liability insurance for businesses. These insurers rely on NetDiligence risk assessments to support both loss control and client education objectives. Partnerships with these insurers, along with a time-tested risk management approach (eliminate, mitigate, accept and cede residual risk), make NetDiligence uniquely positioned to help organizations of all types and sizes manage their cyber risk. For more information, visit www.NetDiligence.com.
