Cyber Claims and Losses Update
At the 2017 NetDiligence® Cyber Risk & Privacy Liability Forum in Santa Monica, CA, a panel reviewed the results of the 2017 NetDiligence® survey on the types and costs of cyber claims being seen.
The panel was:
- Emy Donavan – Global Head, Allianz Global Corporate & Specialty
- Mark Greisiger – President, NetDiligence
- Chris Novak – Global Director RISK Team, Verizon Enterprise Solution
- Tamara Ashjian – Claims Manager, NAS Insurance
- Craig Linton – Claims Manager, Beazley
- J Bradley Vatrt – Assistant Vice President, AIG
- John Mullen – Partner, Mullen Coughlin
The 3 year average cost for a breach was $394,000. 87% of claims were in small to medium size organizations. For large companies the average breach costs was $3.2 million. The per record cost from 2014-2017 was around $8,000. The average cost of crisis services was $249,000. One area where costs are rising is regulatory defense costs. For large breaches, the average cost of regulatory defense was almost $700,000.
Small businesses are just as susceptible to cyber breaches as large companies. Two-thirds of breaches reported by one study were for businesses under 1,000 employees.
Phishing and ransomware are the leading causes of cyber events and the costs of these claims continues to rise. Breachless claims are also driving costs. These include things like denial of service attacks, intellectual property/trademark infringement, and privacy ethics/wrongful collection of data. Examples of wrongful collection of data suits include employers that are collecting biometric screening information and using that for various purposes.
Stats around breaches:
- 75% from people outside company
- 62% involve hacking
- 51% of breaches include malware
- 81% of breaches included stolen or weak passwords
- 51% involved organized criminal groups
- 18% conducted by state-affiliated actors
- 43% were social attacks
Phishing emails are getting more sophisticated and are harder to detect and anyone can fall for them. Training is the key to help your employees be suspicious of unexpected emails.
Ransomware used to be for small amounts with the hacker just trying to collect some quick money. The amounts demanded were usually low, often below policy deductibles. These attacks are growing larger and are often combined with other attacks. For example, someone may hack into your system and slowly extract the data they desire. Once they are done, they deploy ransomware as their exit strategy to collect some quick money. This distracts their victim from their true purposes as they focus on the ransomware.
One of the complications of cyber events is that they can often trigger multiple policies. For example, a ransomware attack could trigger a Cyber policy, but also a kidnap/ransom/extortion policy. There are even times when data is scheduled on a property policy. The interplay between cyber and other coverage along with the lack of a standard form for cyber policies creates challenges for everyone in the marketplace. This is especially a challenge for brokers who are assisting their clients in purchasing coverage to protect them from all potential losses.
Finally, the panel talked about what they expect in the future. Their concerns included breaches of “cloud” data, how one companies data breach will impact companies they work with, and what comes out of the Equifax breach in terms of third party liability claims.