NetDiligence®, a leading provider of cyber risk readiness and response services, announced it has published its ninth annual Cyber Claims Study, a study of actual losses for data breaches and other cyber-related events covered by leading cyber insurance carriers. Sponsoring the study are RSM and Cozen O’Connor.

This year’s report features an analysis of 2,081 claims arising from events that occurred during 2014–2018. The data from these claims has been aggregated in over 20 ways, including total, average, and median costs (total breach, crisis services, legal and regulatory, and per-record); the nature of the event (type of data exposed, business sectors affected, revenue size of claimants, causes of loss); and the financial impact of cybercrimes (business interruption, malicious insiders, social engineering, ransomware).

To present more accurate pictures of the business impact of cyber events on smaller versus larger organizations, this year’s report presents findings for small to medium enterprises (SMEs) separately from findings for large companies. For the purposes of this report, SMEs are defined as organizations with less than $2B in annual revenue, while large companies are defined as organizations with $2B or more in annual revenue. The analysis finds that the average cost of a breach for SMEs was $178K, whereas the average cost of a breach for large companies was $5.6M. The average cost of crisis services (forensics, notification, legal guidance, etc.) for SMEs was $112K; for large companies $3.8M. The average legal/regulatory costs for SMEs were $181K; for large companies $2.2M.