Cybersecurity claims for data loss vary widely

Cybersecurity claims reported in recent years vary widely, with larger claims reaching $500 million in data loss and smaller claims at $1,000.

NetDilligence has released its annual report, which analyzes 10,464 incident complaints between 2019 and 2023.

The report shows that 98% of applications were from small and medium-sized enterprises (SMEs) with annual revenues of less than $2 billion. While only 2 percent were larger companies, these claims accounted for 51 percent of the total incident cost analyzed in the report ($2.0 billion versus $3.9 billion), the report found.

Ransomware and Business Email Compromise (BEC) were the two main causes of loss. They accounted for 53% of applications in the period studied and almost 39% to date in 2023:

• 2,754 claims were due to ransomware, 54% of which occurred between 2021 and 2023, with initial claims of up to $80 million; 15 ransoms were paid up to $50 million, with the average cost of ransom requests being $205.
• 1,714 claims were due to BEC attacks, 56% of which occurred between 2021 and 2023, with the average cost of a BEC claim at $183,000 in 2023.

Other common losses were hacking, wire fraud and staff mistakes, according to the report.

The most affected sectors by number of SME applications were professional services, manufacturing, financial services, retail and healthcare. Healthcare had the highest average incident cost per industry ($261,000).

The average cost of business interruption for SMEs was $487,000, and for larger companies it was $26 million.

To compile the report, the researchers asked insurers and cyber liability carriers to submit information about claims. The report also includes data from previously published NetDiligence studies representing 5,473 incidents.