Rising cost of cyber breaches

With new regulations on the horizon that will impose large fines on companies which suffer certain types of data breaches, a snapshot study of the scale of cyber incidents has been released.

The 2017 Cyber Claims Study by NetDiligence, featuring input from major insurance companies, found that the average total cost of a cyberbreach incident was $394,000. However, for companies with revenues above $2 billion, the average cost was $3.2 million.

By sector, retail accounted for the biggest exposure of records, at 420 million, or 67 per cent of the data set in this year's study.

Ransomware and cyberextortion affected every sector, with maximum breach costs higher than $500,000.

The study found that hackers were the most common cause of loss, followed by malware and viruses, ransomware and cyberextortion, and staff mistakes.

Maliciously motivated insider events elevated the cost of claims by a factor of four, while breaches were 20 per cent higher when there was cloud involvement.

Last year, the average cost per breached record was $17,035, while the average cost for 2014-2017 was $8,100. However, NetDiligence noted that this metric can be “heavily skewed by outliers”. Excluding the top and bottom five per cent of the data set, the average fell to $787. The median cost per record was $46.50.

The consolidated claims data in the study came from multiple insurers. Companies that participated in the study included Ace, Aspen Insurance, AIG, XL Group, Zurich, Travelers, and Sompo International.

AllClear ID, a major sponsor of the 53-page study, noted: “The uptick in unpredictable and unique threats such as ransomware and cyber extortion adds a new layer of complexity.

“While businesses cannot block every type of attack against their sensitive information, they can and should take steps to ensure they are ready to respond to their customers with quality, speed and care after a data breach.”

The company said new regulations, such as the European Union's General Data Protection Regulation and the New York Department of Financial Services's cybersecurity regulation, demand reaction times as fast as 72 hours to data-breach events.

“That means that businesses must take a proactive approach to breach readiness, and be certain their plans and teams will hold up to a live breach incident.”

The GDPR goes into effect in May 2018 and applies to all EU countries and companies based in those countries, and non-EU companies that process the data of EU citizens. Maximum fines for lack of compliance are up to 4 per cent of overall turnover/revenues, or €20 million ($23.8 million), whichever is greater.

This year's seventh annual Cyber Claims Study was presented by US-based NetDiligence, which specialises in cyber-risk readiness and response.

Steep rise: the average cost per record affected by a cyberbreach in 2016 was $17,035, the highest in the six years covered by NetDiligence's Cyber Claims Study. The company noted that this metric can be heavily skewed by outliers.

Published November 30, 2017 at 8:00 am (Updated November 29, 2017 at 11:48 pm)
