Back To Press Releases

NetDiligence Publishes Eleventh Annual Cyber Claim Study

NetDiligence Publishes Eleventh Annual Cyber Claim Study

Releases Data-Driven Analysis of Cyber Claim Payouts

PHILADELPHIA, September 22, 2021 – NetDiligence®, a leading provider of cyber risk readiness and response services, announced today it has published its eleventh annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM, Experian® Data Breach Resolution, Guidewire, and Beckage.

This year’s report features analysis of almost 6,000 claims arising from events that occurred during 2016–2020. The data from these claims has been aggregated in over 20 ways, including crisis, legal, business interruption, recovery, and total incident costs; the nature of the event, type of data exposed, business sectors affected, revenue size of claimants, and causes of loss, especially the growing impact of ransomware.

Findings are presented separately for small to medium enterprises (SMEs) and large companies. In this report, the average revenue for SMEs was approximately $84M, while the average revenue for large companies was $11B.

In this year’s study, ransomware was once again the number one cause of loss for SMEs and the costs associated with a ransomware event were again higher – the average ransom climbed to $247K; the average cost of a ransomware incident rose to $352K. The average incident cost for large companies (across all types of incidents) was $10.1M.

“The value of cyber insurance cannot be overstated and our studies repeatedly underscore this,” said Mark Greisiger, president of NetDiligence. “With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage. If not, the challenge will be how we, as an industry, can help them get there.”

“Fortunately, the study also shows some sunlight,” Greisiger added. “For example, the average cost of a hacking incident dropped from $634K to $430K. And within the financial sector, the average incident cost fell from $237K to $112K.”

Study findings will be presented at the NetDiligence Cyber Risk Summit in Santa Monica on Tuesday, October 5, 2022. More in-depth coverage of findings, along with front-line insights from study sponsors, will be presented via webinar later in the year.

Interested parties can download the 2021 Cyber Claims Study by visiting the NetDiligence website at

Media Contact:
Dave Chatfield
Vice President & COO, NetDiligence®
[email protected]

— # # # —

About NetDiligence®
NetDiligence® specializes in Cyber Risk Readiness & Response services. With more than 15 years of experience in cyber, NetDiligence is an award-winning provider of innovative cyber risk management software and services to the insurance industry, including QuietAudit® Cyber Risk Assessments, the eRiskHub® cyber risk management portal, and Breach Plan Connect®, a securely hosted solution designed to help senior managers plan and execute their organization’s response to a cyber incident, and which also includes a free mobile app for convenient access and alternative means of communication if company systems are compromised. NetDiligence publishes an annual Cyber Claims Study and traditionally hosts annual Cyber Risk Conferences in Philadelphia, Santa Monica, Toronto, London, and Bermuda. For more information, visit

About RSM
RSM is the leading provider of audit, tax and consulting services focused on the middle market, with nearly 13,000 professionals in 83 U.S. cities and four locations in Canada. It is a licensed CPA firm and the U.S. member of RSM International, with 48,000 people in more than 120 countries. For more information, visit

About Experian® Data Breach Resolution
Experian® Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses prepare for a data breach via the proprietary Experian® Reserved Response program and also mitigate consumer risk following breach incidents. With more than nineteen years of experience, Experian has successfully serviced some of the largest and highest-profile data breaches in history. The group offers swift and effective incident management, notification, call center support and fraud resolution services while serving millions of affected consumers with proven credit and identity protection products. For more information, visit and follow us on Twitter @Experian_DBR.

About Guidewire
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 400 insurers, from new ventures to the largest and most complex in the world, run on Guidewire. For more information, contact us a [email protected].

About Beckage
Beckage is a women-owned law firm focused on technology, data security, and privacy. Our attorneys counsel clients on matters pertaining to data security and privacy compliance, litigation and class action defense, incident response, government investigations, technology intellectual property, and emerging technologies. Our lawyers are technologists, tech business owners, CISAs, CISOs, former regulators,
and certified privacy professionals. Learn more at

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.