Back To Press Releases

NetDiligence Publishes Twelfth Annual Cyber Claims Study

NetDiligence Publishes Twelfth Annual Cyber Claims Study

Data-Driven Analysis of Cyber Claims Payouts

PHILADELPHIA, Monday, October 3, 2022NetDiligence®, a leading provider of cyber risk readiness and response services, announced today it has published its twelfth annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM, Experian, Guidewire, and The Beckage Firm.

Click here to download the full report.

This year’s report features analysis of almost 7,500 claims from events that occurred during 2017–2021, including over 1,000 claims analyzed from incidents that occurred in 2021. The data from these claims has been aggregated in over 20 ways, including crisis, legal, business interruption, recovery, and total incident costs; the nature of the event, type of data exposed, business sectors affected, revenue size of claimants, and causes of loss, especially the growing impact of ransomware.

Findings are presented separately for small to medium enterprises (SMEs) and large companies. In this report, the average revenue for SMEs was approximately $88M, while the average revenue for large companies was $13.5B.

In this year’s study, ransomware was once again the number one cause of loss for SMEs and the costs associated with a ransomware event were again higher – the 5-year average ransom climbed to $262K; the 5-year average cost of a ransomware incident rose to $455K. The average incident cost for large companies (across all types of incidents) was $12.8M.

“For the third year in a row, ransomware is the leading cause of loss for SMEs,” said Mark Greisiger, President of NetDiligence. “Furthermore, the overall business interruption cost of a ransomware incident has significantly grown over that time period. The average costs for a ransomware incident in 2021 were almost double the 5-year average costs.”

“It is a crucial time for SMEs to protect themselves by implementing preventative measures such as multi-factor authentication (MFA) and Endpoint Detection and Response (EDR),” Greisiger adds. “Equally important, we have learned from the cyber insurance community that all sectors must be vigilant about putting an actionable incident response plan in place with hotlines to the insurance carriers’ preferred Breach Coach® and other incident response experts. Ransomware, along with business email compromise (BEC), will likely remain the primary cyber threats. However, we have seen first-hand that when organizations have the tools and planning in place to respond quickly and efficiently, they can minimize both the cost and the disruption to their businesses.”

Study findings will be presented at the NetDiligence Cyber Risk Summit in Santa Monica, California on Tuesday, October 11, 2022. More in-depth coverage of findings, along with front-line insights from sponsors, can be found inside your cyber insurer’s eRiskHub portal.

Study findings as well as the state of the cyber insurance market will be discussed further in two upcoming webinars from NetDiligence. Those interested in attending can register for the webinars using the links below:

  • Webinar: Cyber Claims Study 2022: A Review of Findings and Front-Line Insights
  • Webinar: Cyber Claims Study 2022: State of the Market

Click here to download the 2022 Cyber Claims Study from NetDiligence.

Media Contact:

Steve Kopanski

Director of Marketing, NetDiligence®


[email protected]

— # # # —

About NetDiligence

NetDiligence® specializes in Cyber Risk Readiness & Response services. With over 20 years of experience in cyber, NetDiligence is an award-winning provider of innovative cyber risk management software and services to the insurance industry, including QuietAudit® Cyber Risk Assessments, the eRiskHub® cyber risk management portal, their authorized Breach Coach® program, and Breach Plan Connect®, a securely hosted solution designed to help senior managers plan and execute their organization’s response to a cyber incident, and which also includes a free mobile app for convenient access and alternative means of communication if company systems are compromised. NetDiligence publishes an annual Cyber Claims Study and traditionally hosts Cyber Risk Conferences in Philadelphia, Santa Monica, Toronto, Florida, London, and Bermuda. For more information, visit

About RSM

RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment. RSM US LLP is the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with 48,000 people across 120 countries. For more information, visit, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.

About Experian Crisis Solutions

When every minute counts, count on Experian Crisis Solutions. Powered by the nation’s largest credit reporting agency, Experian Crisis Solutions creates better outcomes and unmatched value by delivering expertise, ease, and guaranteed speed when our partners need it the most. With over 15 years of experience, Experian Crisis Solutions has successfully serviced some of the largest and highest-profile breaches in history. Our turnkey solutions include Experian Reserved Response™, data breach response, crisis response management, and proven credit and identity protection products. To learn more, visit or email [email protected].

About Guidewire

Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. More than 400 insurers, from new ventures to the largest and most complex in the world, run on Guidewire. To learn more, email [email protected] or visit

About The Beckage Firm

The Beckage Firm is a women-owned law firm that focuses on technology, data security and privacy, incident response, litigation, and regulatory inquiries. The Beckage Firm attorneys and team counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, and emerging technologies such as Artificial Intelligence (AI). The Beckage Firm’s headquarters are in New York. To learn more, visit

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.