A recent study on cyber claims losses and payouts by NetDiligence, a cyber threat risk assessor, observed several trends in financial losses suffered by companies due to cyberattacks. The annual report revealed that in excess of $75.5 million was lost in cyber claims.
The study examined the size and nature of the companies, whether the losses stemmed from third-party attacks, the extent and type of information or data lost, and whether internal sources were involved in causing the attack. The report further analyzed the spread of the claims among crisis services, legal counsel, regulatory and payment card information fines.
Out of the $75.5 million spent on claims, the study found that 78 percent went to crisis services, with 17 percent going to legal defense and settlements, and lower percentages being associated with regulatory and other fines.
When responding to crises, companies are beginning to invest in legal counsel early on in the response process to alleviate post-hoc regulatory fines and improve their ability to appropriately address an attack.
Retail, financial services and health care sectors were among the most frequently breached, with smaller organizations accounting for the most attacks but larger organizations suffering the greater gross financial loss and data exposure. Either third-party vendor breaches or internal employee involvement, whether malicious or accidental, were found in roughly a third of the cases analyzed. Hacking or malware were typically the cause of the most damaging and costly attacks. Personal identification info was the most leaked at a reported 94 percent, followed by payment card info at 27 percent and private health care info at 14 percent.
Claims Journal has the whole story.