NetDiligence is pleased to present its eleventh annual Cyber Claims Study. This report includes incidents that occurred during the five-year period 2016–2020. A total of 5,797 claims was analyzed. By comparison, the sixth Cyber Claims Study, published in 2016, analyzed fewer than 200 cyber insurance claims. While many of the categories over the last five years have remained the same, the data has changed, sometimes dramatically. Sponsoring this year’s study are RSM, Experian® Data Breach Resolution, Guidewire, and Beckage.
Since 99% of the claims submitted for analysis involved smaller organizations, findings are presented separately for small to medium enterprises (SMEs) and large companies. For the purposes of this report, SMEs are defined as organizations with less than $2B in annual revenue, while large companies are defined as organizations with $2B or more in annual revenue. In this year’s study, ransomware was once again the number one cause of loss for SMEs, followed by hackers, business email compromise, staff mistakes, and phishing. Losses in these five categories accounted for 70% of claims and 80% of costs.