Back To Press Releases

Quantifying the Cost of Data Breaches

NetDiligence® Publishes Landmark Study of Actual Claims Payouts

PHILADELPHIA, August 03, 2011 – NetDiligence®, a leading cyber risk assessment and data breach services company, announced today it has published Cyber Liability & Data Breach Insurance Claims –A Study of Actual Payouts for Covered Data Breaches.

While previous studies have shed light on data breach events through anecdotal information, the NetDiligence study uses actual cyber liability reported claims to illuminate the real costs of such incidents. The report summarizes NetDiligence’s findings for a sampling of data breach insurance claims that occurred between 2005 and 2010 in a variety of industries, including healthcare, financial services, retail, information technology, manufacturing and education.

“Given the recent well-publicized events, this study is both timely and important because it sheds light on what is driving these incidents, demonstrates the real dollars that are being spent both dealing with the event as well as ultimate damages, and dispels the myth that data breach events don’t carry significant damages to organizations that are affected,” commented Norm Rafsol, Executive Vice President of ACE Professional Risk.

For the study, NetDiligence asked insurance underwriters about data breaches and the claims losses they have sustained. NetDiligence looked at the type of data exposed, what caused the loss, and which business sector suffered the incident. The company also looked at the number of records exposed and the associated crisis services costs (forensics, notification, credit monitoring and legal counsel), legal damages (defense and settlement), business interruption costs, and fines (PCI and regulatory). Lastly, NetDiligence asked leaders in the industry representing insurance carriers, law firms, general counsel and cyber breach consultants to offer their insights into recent developments and trends in breach events.

“We initially presented our findings at the NetDiligence® Cyber Risk & Privacy Liability Forum in Philadelphia last month,” said Mark Greisiger, President of NetDiligence. “It is our hope that actuaries, risk managers and others working in the field of data security will use this information to properly price policies, perform more accurate risk assessment, and establish better safeguards and action plans to protect themselves from data breaches.”

The full study report has been published in the eRisk Hub® and is available exclusively to eRisk Hub members. eRisk Hub ( is a subscription-based web portal that helps organizations prevent and recover from data breaches. A summary report is available for download at the NetDiligence website (NetDiligence® | Summary Report | Cyber Liability & Data Breach Insurance Claims – A Study of Actual Payouts for Covered Data Breaches).

Findings will again be presented and discussed at the NetDiligence West Coast Cyber Risk & Privacy Liability Forum, October 4-5 in Marina del Rey, California. For more information, contact HB Litigation Conferences by phone at 484.324.2755 x212, by email at [email protected], or by visiting the conferences section of HB’s website at Press passes are available.

— # # # —

About NetDiligence®

NetDiligence® is a cyber risk assessment and data breach services company. Since 2001, NetDiligence has conducted thousands of enterprise-level cyber risk assessments for a broad variety of corporate clients, including well-known names in banking, brokerage, mortgage, insurance, clearinghouse, and other financial service sectors. NetDiligence services are used by leading insurers in the U.S. and U.K that offer “hacker insurance” for businesses. Insurers like ACE, Arch, Chubb, Zurich, Beazley, Hiscox, Aspen, Brit and other Lloyds of London syndicates rely on NetDiligence risk assessments to support both loss-control and educational objectives. Partnerships with these leading cyber liability insurers, along with a time-tested risk management approach (eliminate, mitigate, accept and cede residual risk), make NetDiligence uniquely positioned to help organizations of all types and sizes manage their cyber risk. For more information, visit

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.