NetDiligence is pleased to present its tenth annual Cyber Claims Study. This year’s report features analysis of 3,547 claims arising from events that occurred during 2015–2019. The data from these claims has been aggregated in over 20 ways, including total, average, and median costs; the nature of the event (type of data exposed, business sectors affected, revenue size of claimants, causes of loss); and the growing impact of cybercrimes (ransomware, business interruption, social engineering). Sponsoring the study are RSM US and Experian® Data Breach Resolution.
Findings are presented separately for small to medium enterprises (SMEs) and large companies. For the purposes of this report, SMEs are defined as organizations with less than $2B in annual revenue, while large companies are defined as organizations with $2B or more in annual revenue. In this year’s study, ransomware was the number one cause of loss for SMEs and the costs associated with a ransomware event were significantly higher – the average ransom jumped from $36K to $175K; the average cost of a ransomware incident from $150K to $275K. The average incident cost for large companies (across all types of incidents) was $9.1M; hackers remained the number one cause of loss.