After analyzing a sampling of 160 Cyber Liability Insurance claims, the NetDiligence 2014 Cyber Claims Study [PDF] revealed some interesting data. In total, the study found that insurers paid out about $75.5 million for breach-related losses, and about 78 percent of those costs stemmed from crisis management. It also found:
- Companies with "nano-revenue" (less than $50 million) had almost a quarter of the breaches (23 percent).
- Though the average amount of compromised records was 2.4 million, the median number of exposed records was 3,500, which indicates there were a lot of smaller breaches.
- Median payouts and per-cost records are lower than the averages, again suggesting lots of smaller breaches.
The study states smaller organizations have more data breaches than their larger counterparts. This may be because they either don't have the resources to shore up their cyber security or they aren't entirely aware of their risks.
But the real takeaway is that Cyber Insurance is doing its job. In fact, companies without insurance had costs up to 30 percent higher than those with insurance, according to Claims Journal. The data shows policyholders are relying on their coverage to pay for even small breaches, and it's saving them a lot of money.
Cyber Liability Insurance: Useful for Both Big and Small Breaches
When you hear about data breaches, chances are your mind races to the latest billion-dollar hack at a bigwig corporation. With those breaches as your only benchmark, it can be easy to think Cyber Liability Insurance doesn't have much of a place at your business – you simply don't have as much to pilfer.
But the fact of the matter is that breaches are often crimes of opportunity. If you don't have cyber defenses in place, attackers will take what they can. It's all money to them, and enough easy, small targets add up to a big payday all the same. (For more on that, read "Top 8 Data Breach Misconceptions.")
If there's one thing the study above clearly illustrates, it's that many insureds use their Cyber Liability policies to cover these smaller, less sensational attacks. You don't need a million-dollar loss to justify its use – you can usually draw on your coverage so long as the cyber attack forces you to:
- Notify affected customers.
- Investigate what caused the breach.
- Offer credit-monitoring services to affected parties.
- Repair your business's reputation through PR measures and goodwill advertising.
- Pay regulatory fines for the breach.
- Temporarily shut down your business to handle the breach (related reading: "Does Your Cyber Insurance Have Business Interruption Coverage?").
These are all crisis management activities, and they represent the bulk of claims insureds make on their Cyber Liability policies. The NetDiligence study found the median cost for these services was $110,594. Sure, that's not a figure beyond comprehension, but it's also not exactly a sum you'd like to pay out of pocket.
Put another way, small breaches are like a small kitchen fire that gets contained and causes limited damage. It's not a massive building fire that destroys everything. But in both cases, wouldn't it be nice to have insurance to help you pay for the damages all the same?
So maybe to celebrate National Cyber Security Awareness Month, ask your insurance agent about the Cyber Liability Insurance policy that makes sense for your business.