Back To Press Releases

NetDiligence Releases Latest Study on Cyber Claim Costs

NetDiligence® Publishes Fifth Annual Study of Actual Claim Payouts

PHILADELPHIA, September 30, 2015 – NetDiligence®, a leading cyber risk assessment and data breach services company, announced today it has published its fifth annual Cyber Claims Study, a study of actual losses for data breach events covered by various leading cyber liability insurance carriers.

This year’s report summarizes NetDiligence’s findings for a sampling of 160 cyber liability insurance claims, 155 of which involved the exposure of sensitive data. The study examines the type of data exposed, the cause of loss, the business sector in which the incident occurred and the size of the affected organization. The study also considers claims due to third-party breaches and claims due to insider involvement, both accidental and malicious.

The primary focus of the study is the costs incurred by underwriters due to cyber claim events, including Crisis Services (forensics, notification, credit/ID monitoring and legal counsel/Breach Coach®), Legal (class action lawsuit defense and settlement), Regulatory (defense and settlement) and PCI (fines).

This year’s study finds the average total claim for a breach was $673,767, with an average payout for Crisis Services of $499,710. However, the average claim for a large company was $4.8 million, while the average claim in the Healthcare sector was $1.3 million.

“As an independent and trusted partner to the cyber liability insurance industry, NetDiligence is uniquely positioned to combine data from multiple insurers so that the pool of claims is large enough to ascertain real costs, project future trends and better educate concerned Risk Managers and CFOs,” said Mark Greisiger, president of NetDiligence. “We are honored that our cyber liability insurance carrier and broker partners share a sampling of their loss data with NetDiligence. Without them, the valuable insights this educational study provides would not be possible.”

Sponsoring this year’s NetDiligence Cyber Claims Study are AllClear ID, McGladrey (soon to be RSM, effective October 26, 2015), Cipriani & Werner, P.C., and Symantec.

AllClear ID is a platinum sponsor of this important industry study for the third straight year. According to Bo Holland, founder and CEO, “This study is a prime example of the value of collaboration across our industry. Through further information sharing and collaboration like this, cyber insurers and their customers will gain a more comprehensive understanding of the total costs associated with data breaches, enabling them to better price policies, mitigate financial risk, and effectively address emerging cyber threats.”

The NetDiligence® 2015 Cyber Claims Study is now available for download at the NetDiligence website ( eRiskHub® licensors and their clients have exclusive access to an expanded version of the study in the Learning Center of the eRiskHub. The eRiskHub ( is a web-based cyber risk management portal that helps organizations prevent and recover from data breaches.

Media Contact:
Mark Greisiger
President, NetDiligence®
[email protected]

About NetDiligence®

NetDiligence® is a cyber risk assessment and data breach services company. Since 2001, NetDiligence has conducted thousands of enterprise-level cyber risk assessments for a broad variety of corporate clients, including well-known names in banking, brokerage, mortgage, insurance, clearinghouse, and other financial service sectors. NetDiligence services are used by leading insurers in the U.S. and U.K. that offer “hacker insurance” for businesses. These insurers rely on NetDiligence cyber risk assessments to support both loss-control and educational objectives. Partnerships with these leading cyber liability insurers, along with a time-tested risk management approach (eliminate, mitigate, accept and cede residual risk), make NetDiligence uniquely positioned to help organizations of all types and sizes manage their cyber risk. For more information, visit

About AllClear ID

AllClear ID is the price, service, and product leader in the data breach response industry. We partner with cyber insurers to provide unique solutions that save money and effectively cover data breach events. Our innovative, proactive approach to breach response offers significant cost savings compared to a standard response, while providing better protection to victims, resulting in fewer customer complaints and less brand tarnish. Year-after-year, AllClear ID is recognized for unsurpassed customer service, patented technology and innovative identity protection services. AllClear ID has received 10 international awards for outstanding customer service and maintains an industry-leading 97% customer satisfaction rating. For more information, visit

About About McGladrey

Effective Oct. 26, 2015, McGladrey will unite with fellow members of our global network under the common brand name RSM. McGladrey LLP is the leading U.S. provider of assurance, tax and consulting services focused on the middle market, with 8,000 professionals and associates in 80 cities nationwide. A licensed CPA firm, McGladrey serves clients around the world through RSM International, a global network of independent accounting, tax and consulting firms.

About Cipriani & Werner, P.C.

Cipriani & Werner, P.C. delivers an end-to-end, integrated approach to its clients’ privacy and data security needs. Clients of this Mid-Atlantic litigation defense firm benefit from our team of professionals that includes experienced litigators, leaders in crisis communications, forensic IT assessment and mitigation, regulatory compliance and government relations offering services including corporate and IT audits and risk assessments, development of breach response plans, our breach response team and litigation defense. Our clients appreciate the simplicity and certainty of having a single point of contact with a trusted team that has served the insurance industry for more than three decades. For more information, visit

About Symantec

Symantec Corporation is an information security expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operates the largest commercial global data intelligence network, and provides leading incident response and security solutions. Symantec™ Cyber Security Services: Global Incident Response delivers both proactive and reactive services including Incident/Forensic Response and readiness services such as Incident Response Plan Assessments, Tabletop Exercises, Training, and Advanced Threat Hunting to help our customers build and refine their incident response plans and turn them into proactive programs. For more information, visit

— # # # —

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.